Monster 
bandwidth 


Special-effects  company  Industrial  Light  &  Magic  muscles  up  with  10G. 
Get  details  in  our  exclusive  10G  Ethernet  editorial 
supplement  Coverage  begins  after  page  26. 
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SOFTWARE-BASED  WEB 
APPLICATION  FIREWALLS 

AppShield  edges  InterDo 


in  battle  of  software  that  filters 
Port  80  traffic.  Page  48. 


Latest  worm 
puts  focus  on 
patch  woes 

■  BY  ELLEN  MESSMER  AND 
JOHN  FONTANA 

The  Blaster  worm  that  last  week 
infiltrated  hundreds  of  thou¬ 
sands,  if  not  millions,  of  Windows- 
based  computers  once  again 
highlighted  the  IT  community’s 
inability  to  plug  software  holes 
even  when  they  have  been 
detected  and  patches  have  been 
issued. 

As  Network  World  went  to 
press  late  Friday,  Microsoft  was 
preparing  for  what  was  sup¬ 
posed  to  be  a  denial-of-service 

See  Blaster,  page  13 


■  BY  JIM  DUFFY 

Time  was  you  would  buy  TV 
service  from  your  cable  compa¬ 
ny,  telephone  service  from  your 
phone  company  and  that  was 
that. 

But  now  cable  companies  are 
offering  phone  services  at  hard- 
to-pass-up  prices,  while  phone 
companies  are  fighting  back 
with  plans  for  TV  services  deliv¬ 
ered  through  brand-new  agree¬ 
ments  with  leading  satellite  TV 
providers. 

The  heated  competition  be¬ 
tween  regional  Bell  operating 
companies  and  cable  compa¬ 
nies  shows  no  signs  of  abating 
as  the  rivals  invade  each  others’ 
turf  with  “triple  play”  —  voice, 
data  and  video  —  service  bun¬ 
dles  designed  to  attract  new  cus¬ 
tomers  and  retain  old  ones. 
Throw  wireless  services  into  the 
mix  and  the  prospects  for  even 
fiercer  battles  —  and  even  more 
aggressively  priced  service  pack¬ 
ages  —  loom. 

“A  driving  factor  in  our  success 
continues  to  be  our  bundling 
strategy  said  Cox  Communica¬ 
tions  President  and  CEO  Jim 


Robbins  during  the  company’s 
earnings  announcement  last 
month.“Today  nearly  one-third  of 
our  customers  buy  multiple  ser¬ 
vices.” 

The  chief  business  beneficia¬ 
ries  of  this  budding  competition 
are  home  office  workers  and 
very  small  companies,  custom¬ 
ers  the  RBOCs  covet  as  much  as 
the  millions  of  residential  users. 


■  BY  PHIL  HOCHMUTH 

The  good  news  was  that  the 
LAN  at  the  North  Bronx 
Healthcare  Network  was  pre¬ 
dictable;  unfortunately  that  was 
the  bad  news,  too. 


“We  take  [cable  competitors] 
very  seriously”  says  Mark 
Pitchford,  senior  vice  president 
of  consumer  marketing  at  Qwest. 
The  carrier  does  not  divulge 
numbers,  but  has  seen  line  loss 
to  cable  operators  in  some  of  its 
larger  metropolitan  markets. 

Such  encroachment  by  cable 
operators  in  RBOC  territory  is 
just  beginning  and  is  likely  to  last 
a  long  time,  analysts  say 
“Cable  competition  is  the  great¬ 
est  threat  to  Bell  franchises,” says 
John  Hodulik,  an  analyst  at  UBS 
Warburg,  who  says  he  believes 
See  RBOCs,  page  10 


With  zero  network  downtime  in 
five  years,  the  Cisco-based  LAN 
was  “a  phenomenally  stable  envi¬ 
ronment,”  says  Dan  Morreale,CIO 
at  NBHN.  But  doctors  and  nurses 
using  the  system  also  could 
count  on  phenomenal  delays 


HP  prepping 
all-in-one 
server  mgmt. 
software 

■  BY  JENNIFER  MEARS  AND 
DENI  CONNOR 

HP  is  readying  server  manage 
ment  software  that  should  give 
users  control  of  Unix,  Linux  and 
Windows  machines  from  a  sin¬ 
gle  console,  a  capability  analysts 
say  will  be  particularly  impor¬ 
tant  as  businesses  consolidate 
workloads  to  boost  efficiencies 
in  their  data  centers. 

The  software,  code-named 
Nimbus,  will  be  the  first  inte¬ 
grated  tool  from  a  systems  ven¬ 
dor  that  handles  the  nitty-gritty 
of  server  management  regard¬ 
less  of  platform,  from  updating 
server  BIOS  and  driver  agents  to 
See  Nimbus,  page  12 


when  using  applications  over  the 
healthcare  provider’s  10M  bit/sec 
hubs  and  Fast  Ethernet  back¬ 
bone.  In  fact,  when  running  net¬ 
work  applications,  some  NBHN 
staff  members  were  known  for 
giving  computer  screens  that  old 
familiar  cheer  for  which  this  New 
York  borough  is  famous. 

“Clinicians  were  waiting  4  or  5 
seconds  or  more  for  a  response 
from  the  network”  when  using 
certain  applications,  Morreale 
says.That  wasn’t  going  to  go  fly” 

A  standard  prescription  for 
such  a  network  problem  might 
call  for  a  Gigabit  Ethernet  up¬ 
grade.  Instead,  NBHN  is  skipping 
a  step  in  the  traditional  migration 
See  Bronx,  page  11 


k  I  Clinicians  were  waiting 
4  or  5  seconds  or  more  for  a 
response  from  the  network. 
That  wasn't  going  to  fly.  11 

Dan  Morreale 

CIO,  North  Bronx  Healthcare  Network 


I  { rn  Lessons  from  leading  users  North  Bronx  Healthcare  Network 

Bronx  hospital  leaps  to  10G 


Th£  HUL *  COURTESY  OF  uM  02003  UNIVERSAL  STUDIOS  All  RIGHTS  RESERVED 
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Partitioned  to  run  multiple  applications 


across  one  system 


On  demand. 


Our  minds  are  cleverly  organized.  Ditto  IBM  eServer.  IBM  eServer  systems 
offer  logical  partitioning  capabilities,  which  help  you  handle  changing  business 
requirements!  On  demand.  IBM  eServer  systems  can  allow  you  to  leverage  your 
server  investments  while  slashing  costs.  You  can  share  resources  across  multiple 
partitions  using  virtual,  dynamic  technologies.  Which  means  you  can  harness 
unused  capacity  at  an  impressive  rate.  Think  about  it. 

eServer:  servers  for  on  demand  business. 

Can  you  see  it?  See  it  at  ibm.com/eserver/ondemand 
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Fastlron  Edge  Switches  let  you  do  more  with  less.  Compact  form.  Immense  capabilities 
Fastlron  Edge  Stackables  pack  more  power  into  your  wiring  closet  than  any  other  switch. They  give  you 
tii.nable  Functionality,  configurable  security,  and  simplified  management. The  96-port  model  has  twice 
the  port  density  of  the  nearest  competitor.  With  a  common  user  interface,  standard-based  network 
njanageinent  support,  redundant  and  hot-swappable  power  supplies,  and  a  common  software  suite,  the 
P,tStlfon  Edge  switches  give  you  the  lowest  total  cost  of  ownership  and  the  highest  investment  value  of 
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all  the  major  switches.  Get  a  competitive  edge — get  a  Fastlron  Edge  Switch.  Call  1  .SK8.TURBOLAN 
(8H7-2652)  or  www.foundrynetworks.com/fes. 
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Verizon  joins  ‘push-to-talk'  game 

■  Verizon  Wireless  this  week  was  expected  to  turn  up  a  nation¬ 
wide  “push-to-talk”  service,  thus  becoming  the  second  mobile 
operator  to  offer  the  walkie-talkie-type  service.  Until  now,  Nextel 
has  differentiated  itself  with  its  push-to-talk  service,  which 
observers  have  credited  for  the  wireless  operators  industry-low 
customer  churn  rate.  Analysts  expect  Sprint  PCS  to  launch  a  simi¬ 
lar  service  later  this  year.  Push-to-talk  lets  customers  connect 
directly  with  other  push-to-talk  users  on  the  same  network  by 
pressing  a  button  on  their  handset.  Business  customers  can  set  up 
and  manage  group  calling  lists  on  Verizon  Wireless’  Contact 
Management  Web  site  without  going  through  customer  service  or 
a  Verizon  Wireless  retail  store,  the  carrier  says.The  monthly  access 
fees  for  the  service  range  from  $60  to  $220. 

MCI  hires  AT&T  veteran  for  top  spot 

■  After  weeks  of  being  on  the  defensive  and  responding  to  a  series  of  allegations  of 
wrongdoing  by  chief  competitor  AT&T,  MCI  last  week  announced  the  appointment  of  a 
former  senior  AT&T  executive  as  its  new  president.  MCI  named  Richard  Roscitt  to  serve 
as  its  president  and  COO,  who  will  report  to  Chairman  and  CEO  Michael  Capellas. 
Roscitt  brings  more  than  30  years  of  telecom  experience  to  the  company  having  served 
most  recently  as  chairman  and  CEO  of  ADC  Telecommunications,  and  he  is  currently  a 
member  of  the  board  of  directors  of  the  Telecommunications  Industry  Association. 
Before  ADC,  he  was  president  of  AT&T  Business  Services  and  president  and  CEO  of 
AT&T  Solutions.  Roscitt  will  oversee  MCI’s  core  operating  units  and  will  be  based  in  the 
company’s  headquarters  in  Ashburn,Va.  Capellas  said  the  company  wasn’t  out  seeking 
a  COO. "This  was  a  question  of  the  right  guy  for  the  job,”he  said.There  was  no  other  can¬ 
didate  considered.”  Roscitt  will  begin  work  Sept.  1. 

SCO  touts  licensing  revenue 

■  The  SCO  Group  predicted  last  week  that  it  would  book  close  to  $12  million  in  revenue 
on  Unix  licensing  deals  with  technology  companies  next  quarter.The  company  said  the 
revenue  would  come  from  its  SCOsource  licensing  initiative,  which  was  created  in 
January  to  manage  licensing  fees  for  the  System  V  Unix  source  code  that  SCO  owns. 
SCO  is  in  Unix  license  negotiations  with  a  number  of  companies,  according  to  a  com¬ 
pany  spokesman. The  revenue  in  question  is  expected  to  come  from  technology  com¬ 
panies  looking  to  secure  the  Unix  rights,  and  not  from  Linux  users  signing  up  for  its 

COMPENDIUM 

Those  wacky  porn  sites 

Unix  Girl  says  pom  sites  have  found  a  new  way  to  increase  their  Google  rankings:  They 
link  to  images  on  ur  suspecting  Weblogs.  Every  time  somebody  goes  to  the  porn  site, 
the  images  get  called  and  another  link  is  added  to  the  Weblogs  public  referrer  log  - 
then  gets  indexed  by  Googie. 

You  'll  get  plenty '  of  stuff  you  have  to  see  every  day,  even  Monday,  in 
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<2>  Sins  of  the  father.  How  do  you  know  the  parent  company  is  in  trouble? 
When  the  kids  want  nothing  to  do  with  their  last  name.  Such  is  the  case  with  AOL 
and  scandal-plagued  Time  Warner,  as  the  former  has  asked  the  latter  to  set  it  free 
from  the  AOL  Time  Warner  moniker,  as  was  widely  reported  last  week. 

Squeezed  out  Start-up  Aspelle,  a  member  of  the  crowded  Secure  Sockets 
Layer  remote-access  market,  is  closing  shop  this  week  after  failing  to  get  a  second 
round  of  funding.  The  company,  which  as  recently  as  July  touted  itself  in  a  press 
release  as  “the  SSL  VPN  software  leader,"  had  hoped  to  sell  its  Aspelle  Everywhere 
products  to  large  corporations  with  the  promise  that  the  software  would  work 
essentially  as  an  add-on  to  Microsoft  products. 


Intellectual  Property  License  for  Linux  program.  Last  week  SCO  branched  beyond 
licensing  Unix  to  technology  vendors  when  it  created  a  new  SCOsource  product, aimed 
at  Linux  users,  called  SCO  Intellectual  Property  License  for  Linux.  SCO  says  the  Linux 
source  code  violates  its  intellectual  property  rights  and  has  offered  its  Linux  license,  at 
a  cost  of  $699  per  processor  for  server  users. 

Los  Alamos  getting  Linux  supercomputer 

■  Another  Linux  supercomputer  cluster  with  Advanced  Micro  Devices’  Opteron 
chip  is  in  the  works,  this  time  for  Los  Alamos  National  Laboratory’s  nuclear  weapons 
testing  program.  Linux  Networx  last  week  announced  it  has  been  selected  to  build 
the  cluster  of  1,408  dual-processor  Opteron  servers. The  system,  known  as  Lightning, 
will  deliver  theoretical  peak  performance  of  11.26  trillion  floating-point  operations 
per  second  (FLOPS),  the  company  said.  The  deal  is  worth  $10  million,  and  Linux 
Networx  expects  to  complete  the  system  in  September,  Dean  Hutchings,  COO  of  the 
company,  says.  A  number  of  Linux  supercomputers  have  been  announced  over  the 
past  few  weeks.  Dell  is  working  on  what  will  become  the  fastest  Linux  supercomputer 
when  it  is  finished  later  this  year,  with  17.7  trillion  FLOPS  of  peak  theoretical  perfor¬ 
mance.  IBM  and  Fujitsu  also  are  developing  Linux  supercomputers  that  will  be 
deployed  next  year  with  TFLOPS  results  expected  to  be  similar  to  that  of  the  Linux 
Networx  system. 


Mobile  phones  to  the  rescue.  Firefighters  in  the  Scottish 
county  of  Fife  are  testing  a  photo-messaging  technology  that  could  help  save  lives, 
according  to  a  BBC  report.  The  firefighters  are  being  outfitted  with  mobile  phones 
that  let  them  transmit  pictures  of  victims'  injuries  to  doctors  before  patients  arrive 
at  hospitals, 
enabling  medical 
teams  to  better 
prepare.  > 
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As  patent  suits  proliferate,  so  do  worries 


■  BY  JOHN  COX 

You’re  wondering  whether  to  tell  the  boss 
that  his  BlackBerry  e-mail  handheld  could 


become  an  expensive  paperweight 
because  of  a  patent  suit  against  Research 
in  Motion  by  NTP 

Your  legal  team  is  poring  through  soft¬ 


ware  license  contracts  with  your  Linux  ven¬ 
dor  trying  to  find  out  if  you  should  stick 
with  that  arrangement  —  and  face  a  patent 
lawsuit  from  The  SCO  Group  —  or  take  the 
new  licensing  deal  that  SCO  is  offering. 

You  see  that  Microsoft  has  been  ordered 
to  pay  a  $521  million  infringement  award 
for  adding  code  that  lets  Internet  Explorer 
run  applets  and  plug-ins,  and  that  eBay 
must  pony  up  $30  million  because  the“Buy 
it  Now”  feature  on  its  Web  site  infringed  on 
patents.  Your  mind  turns  to  the  software- 
based  business  methods  you’re  exposing 
on  your  own  Web  site  through  those  nifty 
new  Web  services,  and  about  how  these 
services  are  interacting  with  services  on 
someone  else’s  Web  site. 

Suddenly  the  terms  “patent  protection” 
and  “patent  infringement”  take  on  a  whole 
new  meaning. 

Data  compiled  by  Aon  Corp.,  which 
sells  intellectual  property  and  infringe¬ 
ment  insurance,  shows  a  surge  in  patent 
litigation  cases,  costs  and  judgments.  Part 
of  the  reason  is  vendors  are  more  serious 
than  ever  about  protecting  intellectual 
property  of  all  kinds,  including  patents. 
They’re  more  serious  because  there’s 
more  money  at  stake. 

“There’s  a  realization  by  a  lot  of  compa¬ 
nies  . . .  that  they  had  this  patent  portfolio 
and  they  could  go  off  and  turn  it  into  a 
profit  center;”  says  Jason  Mirabito,  a  part¬ 
ner  at  Mintz,  Levin,  Cohn,  Ferris,  Glovsky 
and  Popeo  in  Boston.  He  started  the  intel¬ 
lectual  property  practice  at  his  firm  six 
years  ago  with  four  lawyers.  Today,  there 
are  70  lawyers.  Companies  with  lots  of 
patents,  such  as  IBM  and  Lucent,  he  says, 
began  systematically  identifying  compa¬ 
nies  that  might  be  infringing.The  next  step 
was  negotiating  license  arrangements  or 
hauling  them  into  court. 

Patents  cover  more  areas  than  ever 
before,  especially  in  high  tech,  and  their 
potential  effect  on  a  company  is  corre¬ 
spondingly  greater. 

“Patents  used  to  be  intended  to  cover 
[mainly]  gadgets,” says  Jeffrey  Neuburger.a 
partner  in  Brown  Raysman  Millstein  Felder 
&  Steiner,  a  New  York  law  firm  with  a  large 
intellectual  property  practice.  “But  patents 
have  broadened  on  the  basis  of  some  rela¬ 
tively  new  case  law  to  cover  business 
processes.  Most  software  patents  today  are 
business-method  patents.” 

Lawsuits  over  such  patents  often  boil 
down  to  one  party  paying  the  other.  Losers 
such  as  Microsoft  and  eBay  —  once 
appeals  are  exhausted  —  simply  pay  the 
judgment,  along  with  any  damages,  or 
agree  to  a  license  fee. The  direct  effect  on 
their  customers  is  minimal. 

But  it’s  not  just  traditional  software  appli¬ 
cations  that  are  affected  by  the  evolution  of 
patent  litigation.  In  January,  Microsoft  alert¬ 
ed  the  Organization  for  the  Advancement 
of  Structured  Information  Standards, a  non¬ 
profit  group  that  designs  e-business  stan¬ 
dards,  that  several  Microsoft  patent  appli¬ 
cations  included  elements  that  might  be 


needed  to  implement  the  group’s  Web 
Services  Security  specification.  In  a  state¬ 
ment,  Microsoft  pledged  to  provide  a  roy¬ 
alty-free  license  to  implemented. 

Similarly,  companies  might  face  the 
need  to  protect  internal  business  methods 
from  being  hijacked  or  to  defend  them 
against  infringement  lawsuits,  as  their 
methods  become  available  to  outside  cus¬ 
tomers  and  business  partners  through 
Web  services.  Web  services  is  a  new  soft¬ 
ware  model  based  on  standards  and  inter¬ 
faces  found  in  Microsoft  .Net  or  in  Java. 
They  can  be  thought  of  as  a  simple,  stan¬ 
dard  way  for  accessing  and  using  what  in 
many  cases  had  been  an  internal  software 
application  or  even  a  single  function  in  an 
application,  such  as  order  tracking,  inven¬ 
tory  checking  or  customer  profiling.  In 
effect,  a  company  is  making  available  its 
own  intellectual  property  or  possibly  mak¬ 
ing  use  of  someone  else’s. 

“We’re  seeing  a  confirmation  of 
[increased]  patent-filing  activity  in  this 

Foiiow  the  money 

Patent  infringement  suits,  many 

of  which  involve  IT  companies, 

mean  big  bucks  these  days. 

•  Patent  licensing  revenue  is  set  to 
soarfrom  $100  billion  in  1998  to  $500 
billion  in  2005. 

•  The  average  litigation  cost  per  case 
is  $2.5  million,  with  such  costs 
typically  rising  10%  to  15%  every  year. 

•  At  least  30  cases  in  the  past  decade 
have  resulted  in  damage  awards  of 
more  than  $100  million. 

SOURCE  AON  CORP 

field,”  says  Thomas  Bergert,  a  partner  spe¬ 
cializing  in  intellectual  property  law  for 
Williams  Mullen,  Clark,  and  Dobbins  in 
Richmond,  Va.  “Companies  publishing 
Web  services  or  somehow  creating  online 
business  efficiencies  should  —  at  a  mini¬ 
mum  —  be  aware  these  creatures  [the 
patent  applications]  are  out  there  and  get 
informed  about  them.” 

Lawyers  acknowledge  that  abuses  of  the 
patent  system  are  rife. 

"There  is  a  lot  of  tension  between  patent 
rights  and  antitrust,”  Neuburger  says.  “The 
patent  holder  has  the  right  to  assert  their 
patent  rights,  but  not  to  engage  in  ‘patent 
misuse’  —  to  extract  concessions  that 
might  violate  the  antitrust  laws.” 

“Why  do  some  people  sue  for  pain  and 
suffering?”  says  Ralph  Taylor,  chair  of  the 
intellectual  property  litigation  group  at 
Dorsey  &  Whitney,  a  Washington,  D.C.,  law 
firm. “Because  some  are  out  to  get  a  buck, 
and  some  really  have  been  injured.”  The 
same  is  true  for  patent  cases,  he  says.  “You 
hope  the  court  can  sort  them  out.” 

The  abuses  could  have  an  effect  in  an 
See  Patent  page  13 


Digital  Document  Security 
and  IT:  Everything  you 
need  to  know. 

Q#  What  are  the  most  significant  digital  copier 
•  security  issues? 

A#  Various  copier  print  controllers  are  actually  servers 
•  that  queue  and  permanently  store  multiple 
document  files,  providing  administrator  access  to  the 
documents.  At  a  minimum,  most  digital  copiers  retain  the 
last  document  processed;  some  even  retain  multiple 
documents  totaling  hundreds  of  pages.  Others  redirect 
print  jobs  when  the  printer  is  busy  or  jammed,  making 
"denial  of  service"  attacks  possible. 

*  How  does  Sharp  protect  the  network  interface? 

A#  The  Sharp  Ethernet  card  allows  administrators  to 
•  restrict  access  and  disable  unnecessary  protocols. 
With  this  network  card,  the  Sharp  digital  copier  is 
essentially  protected  by  its  own  firewall. 

Q#  How  can  you  be  sure  that  security  products 
•  actually  perform  as  claimed? 

A#  The  Common  Criteria  program — administered  by 
•  the  U.S.  National  Security  Agency  and  the  National 
Institute  of  Standards  and  Technology — evaluates 
security  solutions.  Products  that  are  validated  under  the 
program  meet  security  levels  consistent  with  ISO  15408 
methodology. 

*  How  can  Sharp  improve  IT  security? 

A#  Sharp  offers  print  privacy  solutions  designed  to 
•  restrict  unauthorized  personnel  from  seeing 
confidential  materials.  Copier  access  can  be  controlled 
and  monitored,  while  documents  retained  in 
printer/copier/scanner/fax  memory  are  immediately 
cleared  to  eliminate  unauthorized  access. 

sharpusa.com 
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How  secure  is  your  digital  information? 


Protect  your  information  with  the  Data  Security 
Kit  from  Sharp.  Financial  facts,  personnel  records, 
customer  lists:  networked  copiers/printers  process 
sensitive  information  every  day.  Unfortunately,  their 
hard  drives  can  also  be  accessed  via  the  network, 
contributing  to  $60  billion  worth  of  information 
theft  every  year.*  To  protect  this  weak  link  in  your 


Common  Criteria 


corporate  security,  we've  created  our  Data  Security 
Kit.  It's  the  first  copier  and  printer  protection  to 
be  validated  by  Common  Criteria,  a  government- 
sponsored  program,  and  it's  available  only  with 
our  Digital  IMAGER™  series  of  copiers/printers. 
Sharp's  Data  Security  Kit.  Enhanced  information 
protection  at  your  fingertips,  sharpusa.com/security 
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widespread  cable  telephony 
rollouts  will  begin  in  12  to  18 
months. 

Here  come  the  MSOs 

Cable  companies  are  becom¬ 
ing  multiservice  operators 
(MSO)  to  increase  revenue  by 
offering  new  voice  and  data  ser¬ 
vices  over  their  existing  video 
infrastructures.  These  new  ser¬ 
vices  are  facilitated  by  recent 
high-speed  data  communica¬ 
tions  standards  and  advance¬ 
ments,  such  as  the  Data  over 
Cable  Interface  Specification 
(DOCSIS)  and  voice  over  IP 
(VoIP),  respectively. 

With  their  new  service  rollouts, 
MSOs  are  running  directly  into 
the  pocketbooks  of  RBOCs, 
which  also  are  trying  to  tap  new 
revenue  streams  through  DSL 
Internet  access  and  remarketing 
of  satellite  TV  service  as  their 
profits  from  traditional  voice 
taper  off. 

The  early  results  are  mixed.  In 
data,  deployments  of  cable  mo¬ 
dems  for  broadband  Internet 
access  already  outpace  DSL  by 
almost  2  to  1  —  11.6  million 
cable  modem  subscribers  vs.  6.5 
million  DSL  users  in  the  U.S., 
according  to  UBS  Warburg. 

The  overwhelming  majority  of 
those  cable  modem  services, 
however,  are  for  residential  con¬ 
sumer  use;  only  5%  of  U.S.  cable 
modem  deployments  are  for 
home  offices  or  mom-and-pop 
shops,  according  to  In-Stat/MDR. 
Business  DSL,  meanwhile,  ac¬ 
counts  for  35%  of  all  DSL  deploy¬ 
ments  in  the  U.S.,  In-Stat/MDR 
says. 

Some  cable  companies  al¬ 
ready  offer  circuit-switched 
voice  services  in  some  markets. 
But  all  are  emboldened  by  the 
operational  efficiencies  of  pack¬ 
et-switched  VoIP  and  the  oppor¬ 
tunity  to  capture  primary-  and 
secondary-line  services  from  the 
RBOCs. 

"The  gradual  increase  in  cable 
telephony  competition  is  ex¬ 
pected  to  re-accelerate  retail  line 
loss”  among  RBOCs,  UBS 
Warburgs  Hodulik  says. 

Voice  service  availability  from 
the  four  most-aggressive  MSOs  — 
Cablevision,  Comcast,  Cox  and 
Time  Warner  Cable  —  is  still  spot¬ 
ty,  however,  and  many  are  still  in 
the  trial  phase  with  VoIP 
Customers  typically  can’t  get  it 
unless  they  also  sign  on  for 
broadband  cable  modem  ser¬ 
vice,  though  some  MSOs  say  they 
soon  will  repeal  this  requirement. 


Interest  in  cable  telephony  is 
rising,  MSOs  say.  Some  report 
increasing  numbers  of  sub¬ 
scribers  as  users  reap  the  bene¬ 
fits  of  unlimited  local  and  long¬ 
distance  service,  offered  at  a 
monthly  flat-rate  discount,  when 
ordered  with  cable  TV/broad¬ 
band  Internet  access  services. 

For  example,  Cox  says  it  added 
56,170  digital  circuit-switched 
telephone  customers  in  its  sec¬ 
ond  quarter,  bringing  the  total  to 
more  than  800,000,  an  18.4%  pen¬ 
etration  rate  of  the  homes  or 
businesses  able  to  access  Cox 
telephony.  That  rate  represents 
growth  of  45%  from  last  year,  ac¬ 
cording  to  the  company 

Cox  also  has  a  VoIP  test  in 
progress  in  Roanoke, Va.,  that  the 
company  plans  to  to  expand 
sometime  this  year,  analysts  say 

Time  Warner  earlier  this  year 
launched  VoIP  service  in  Maine 
that  offers  unlimited  local,  in¬ 
state  and  domestic  long-distance 
for  $39.95  (bundled)  to  $49.95 
(unbundled)  per  month.  The 
company  has  signed  2,700  sub¬ 
scribers,  and  plans  to  expand  the 
service  to  Rochester,  N.Y,  and 
two  locations  in  North  Carolina 
later  this  year. 

Cablevision  began  offering  pri¬ 
mary-  and  secondary-line  voice 
to  its  OptimumOnline  residen¬ 
tial  customers  earlier  this  year. 
By  year-end,  all  4.4  million 
homes  in  Cablevision’s  region 
will  have  access  to  the  compa¬ 
ny’s  voice  service,  a  company 


than  1.37  million  customers,  a 
penetration  rate  of  15.5%  of  the 
homes  and  businesses  eligible 
for  the  service.  Comcast,  which 
did  not  respond  to  multiple 
requests  for  interviews,  already 
offers  circuit-switched  voice  to 
subscribers  in  Michigan  and 
Virginia,  and  began  rolling  out  a 
residential,  primary-line  VoIP  ser- 


Stepping  on  toes 


tomers  within  SBC’s  13-state 
region  next  year.  Qwest  says  its 
marketing  arrangements  with 
both  EchoStar  and  DirecTV  are 
slowing  line  losses  to  MSOs  in 
Omaha,  Neb., and  Phoenix  (Doc- 
Finder:  7249). 

Together,  EchoStar  and  DirecTV 
have  as  many  subscribers  as 
Time  Warner,  the  second-largest 


lite  video  partnerships  (Doc- 
Finder:  7252). 

Broadband  as  Trojan  horse 

Yet  telephony  penetration  is 
tied  more  closely  to  delivery  of 
high-speed  broadband  data  and 
Internet  access  service  to  homes 
and  offices  than  to  video,  ana¬ 
lysts  say.  That’s  why  RBOCs  have 


The  cable  companies,  armed  with  new  telephony  services,  have  the  RBOCs’  phone 
customers  in  their  sights. 


Cable  company 

Homes 

passed 

Telephony 
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% 

penetration 

%  ov 
SBC 
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Verizon 

T... 

BellSouth 

Qwest 

Cablevision 

160,000 

10,000 

7.5 

7.6 

78.6 

0 

0 

Comcast 

8.81  million 

1.37  million 

15.5 

29.7 

33.8 

12.7 

10.7 

Cox 

4.57  million 

840,000 

18.4 

41 

16 

16 

19 

Time  Warner 

N/A 

N/A 

N/A 

29.2 

25.4 

15 

1.9 

’Refers  to  homes  passed  by  cable  companies  as  a  percentage  of  all  primary  phone-line  customers  in 
RBOC  territories. 
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vice  in  Philadelphia  last  quarter. 

But  Comcast  lost  some  sub¬ 
scribers  and  telephony  revenue 
in  the  second  quarter  because  of 
reduced  marketing  efforts,  accor¬ 
ding  to  company  statements  on 
its  second-quarter  financial  re¬ 
sults.  Analysts  say  Comcast  is 
focusing  on  improving  its  margin 
and  reducing  its  debt,  following 
its  huge  acquisition  of  AT&T 
Broadband,  the  source  of  much 
of  its  telephony  base  (www.nw 


cable  company  in  the  country, 
says  Allan  Tumolillo,  COO  of 
Probe  Financial  Associates. 

“Cable  companies  look  at 
satellite  as  the  deadly  enemy 
because  once  that  customer 
goes  over  to  satellite  he’s  proba¬ 
bly  not  going  to  buy  anything 
from  the  cable  guy”  Tumolillo 
says.“I  don’t  think  there  are  a  lot 
of  cable  modem  customers 
who  do  not  take  cable 
television.” 


Gable  modem  momentum 


Current  and  projected  overlap  of  cable  modem  customers  with  RBOC  primary-line 
customers. 
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spokesman  says. 

Cablevision  did  not  disclose 
how  many  voice  subscribers  it 
has,  but  analysts  put  the  figure  at 
about  10,000.  The  company  has 
offered  voice  and  data  services 
to  businesses  for  a  few  years  via 
its  Lightpath  unit,  a  competitive 
local  exchange  carrier  that  oper¬ 
ates  a  SONET  network  connect¬ 
ing  1,500  buildings  in  New  York, 
New  Jersey  and  Connecticut. 

The  largest  cable  telephony 
company  is  Comcast,  with  more 


fusion.com,  DocFinder:  7248). 

Battling  Bells 

RBOCs  are  not  standing  pat. 
SBC  and  Qwest  recently  an¬ 
nounced  deals  with  cable  com¬ 
panies’  staunchest  rivals  —  satel¬ 
lite  TV  providers  —  to  bundle 
video  programming  into  their 
voice,  wireless  and  broadband 
Internet  access  packages. 

SBC  has  an  exclusive,  $500  mil¬ 
lion  arrangement  with  EchoStar 
to  offer  the  Dish  Network  to  cus¬ 


Verizon  and  BellSouth  have  yet 
to  divulge  their  video  bundling 
plans,  but  observers  expect  them 
also  to  sign  deals  with  EchoStar 
and  DirecTV.  Verizon  says  its 
long-term  tripleplay  strategy  will 
be  based  on  fiber-to-thepremise 
(FTTP),  which  the  RBOC  says  it 
will  start  deploying  next  year 
(DocFinder:  7251). 

Observers,  however,  say  the 
RBOCs  will  be  slow  to  invest  in 
and  deploy  FTTP  while  they 
enhance  DSL  and  develop  satel¬ 


been  lowering  the  prices  of  DSL 
service  so  dramatically  —  to 
stave  off  further  penetration  by 
cable  modems  that  potentially 
could  replace  RBOCs’  primary 
voice  lines  into  homes  and 
businesses. 

For  instance,  in  June  Verizon 
lowered  its  DSL  monthly  fee  by 
up  to  $10  if  purchased  as  part  of 
an  unlimited  local/long-distance 
and  wireless  bundle.  As  part  of 
the  same  package,  the  company 
boosted  the  downstream  speed 
to  1.5M  bit/sec.  SBC  soon  fol¬ 
lowed  suit,  as  did  BellSouth. 
Qwest  lowered  its  bundled  and 
unbundled  DSL  prices  by  $5  to 
$15  per  month  (see  details  at 
DocFinder:  7253). 

The  silver  bullet  for  RBOCs, 
though,  could  be  wireless, 
which  has  become  very  popu¬ 
lar  with  businesses  and  con¬ 
sumers  as  the  result  of  minutes- 
of-use  packages  that  include 
huge  numbers  of  minutes  at 
very  low  cost.  Offering  attractive 
wireless  bundles  potentially 
can  replace  landline  revenue 
that  RBOCs  lost  to  MSOs  and 
other  mobile  wireless  opera¬ 
tors,  analysts  say. 

Wireless  makes  SBC’s  triple¬ 
play  bundle  a  “quadruple  pla/ 
officials  at  the  RBOC  boast. 

“Wireless  is  a  key  point  of  dif¬ 
ferentiation, ’’says  Gordon  Brown, 
executive  director  of  alliance 
management  at  SBC.  "When 
stacked  up  with  broadband,  tele¬ 
phony  and  now  video  in  our 
bundle,  we  think  it  positions 
us  well.” 

See  RBOCs,  page  11 
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Bronx 

continued  from  page  1 

path  and  by  September  will  upgrade  its 
network  from  LAN  core  to  edge  with  10G 
technology,  which  to  date  has  been  used 
mostly  in  the  unusually  high-powered  net¬ 
works  of  research  facilities  such  as 
Lawrence  Berkeley  National  Labs  and  San 
Diego  Supercomputing  Center. 

Morreale  says  he  feared  that  even  1G 
bit/sec  might  be  outpaced  by  the  hospi¬ 
tal’s  ballooning  LAN  bandwidth  needs 
—  wiring  closets  and  the  backbone 
were  running  at  85%  utilization.  He 
decided  10G  in  the  core  would  be  the 
cure. 

“We’ve  had  some  high-bandwidth  stuff 
in  place  for  a  while,  but  we  knew  some 
even  heavier  stuff  was  coming,”  Morreale 
says.’The  flat  network  and  low  bandwidth 
wasn’t  going  to  cut  it.” 

In  recent  years  the  hospital  added  digi¬ 
tized  medical-imaging  technology,  which 
allows  X-rays,  MRIs  and  other  images  to  be 
viewed  and  stored  on  computers  instead 
of  film  and  videotape.  Also,  doctors  and 
clinicians  commonly  dictate  notes  into 
their  desktop  PCs  instead  of  onto  dicta¬ 
tion  minicassettes.  That  prompted  the  IT 
staff  to  set  up  servers  and  storage  for  the 
bulky  voice  note  files.  Videoconferencing 
among  NBHN  staff  in  separate  buildings 


also  was  taking  off. 

For  procuring  the  10G  gear,  Cisco  was 
first  on  the  minds  of  Morreale  and  his 
staff. 

“We  had  such  a  good  track  record  with 
them,  we  thought  it  would  be  a  straight¬ 
forward  upgrade,”  Morreale  says.  As  a  city- 
managed  entity,  NBHN  must  put  out  com¬ 
petitive  bids  for  any  major  projects.  This 
gave  vendors  such  as  Cisco,  Enterasys 
Networks,  Extreme  Networks  and  Nortel  a 
foot  in  the  door. 

While  the  upgrade  has 
been  smooth,  Morreale 
says  a  couple  of  unex¬ 
pected  costs  came  up. 

The  decision  came  down  to  Cisco  and 
Extreme,  Morreale  says,  and  the  hospital 
chose  Extreme  “based  on  price  and  func¬ 
tionality"  The  total  network  upgrade  cost 
$3.5  million,  plus  installation  from 
Extreme,  he  adds.  He  wouldn’t  say  what 
the  Cisco  bid  was,  only  that  the  Extreme 
price  was  “significantly  lower” 

In  July  NBHN  upgraded  its  core  and  dis¬ 
tribution  layers,  which  consist  of  two 


RBOCs 

continued  from  page  10 

SBC  and  Qwest  have  yet  to  see  any  MSOs 
in  their  regions  partner  with  a  wireless 
operator  or  disclose  any  wireless  plans.  But 
analysts  say  it’s  a  must  in  an  MSO  bundle. 

“Cable  comes  to  the  table  now  with  a 
bundle  that  excludes  wireless,”  Probe’s 
Tumolillo  says.’The  cable  companies  need 
to  find  some  partners  on  the  wireless  side.” 

The  cable  advantage 

An  advantage  for  the  cable  companies 
could  be  their  heritage  in  video,  though 
satellite  use  also  is  growing  each  quar¬ 
ter,  analysts  say.  Another  perceived 
advantage  could  be  the  ability  of  MSOs 
to  offer  services  over  a  single  common 
infrastructure,  SBC’s  Brown  says.  RBOCs 
provision  their  bundled  services  over 
multiple  facilities,  such  as  satellite 
video,  that  they  don’t  even  own. 

“Is  that  a  true  bundle?  It  won’t  be  as 
convenient  or  efficient  or  as  compelling 
as  what  cable  is  offering,”  says  Mike 
Paxton,  an  analyst  at  In-Stat/MDR. 
Remarketing  arrangements  have  failed 
in  the  past.  We’ll  have  to  see  how  they 
really  offer  it  and  how  they  price  it  and 
what  kind  of  synergies  really  exist 
before  we  can  say  that’s  a  real  competi¬ 
tive  service  bundle  to  what  the  cable 
guys  are  offering.” 

Get  more  information  online. 

DocFinder:  7243 
■vv.mrfvsMn.CM 


A  true  bundle  is  in  the  eye  of  the 
beholder,  Brown  says. 

“If  the  customer  experience  is  seamless 
and  the  billing  experience  is  seamless,  I 
don’t  think  [a  common  facility]  necessar¬ 
ily  resonates  with  the  customer  as  an 
advantage,”  he  says. 

So  it’s  too  early  to  call  who  has  the  over¬ 
all  advantage  in  offering  a  triple-play  bun¬ 
dle.  Cable  companies  have  the  majority  of 
broadband  access  subscribers  and  the 
“bundled”  infrastructure;  RBOCs  have 
wireless  and  the  business  presence. 

“If  people  want  really  high-speed 
Internet,  the  edge  may  tilt  toward  cable,” 
Probe’s  Tumolillo  says.  “If  the  decision  is, 
‘I’m  OK  with  DSL,’  then  the  telcos  have 
the  edge  because  they  have  mobility,  and 
they  can  get  you  everything  else  that  you 
need.  After  that,  it  gets  very  dicey”  ■ 


Clarification 


■  In  a  story  headlined  "NetWare  at  a 
I  crossroads,"  published  on  page  1,  Aug. 

1 11,  a  quote  from  IDC  research  director  Al 
I  Gillen  may  have  been  misinterpreted. 

|  Gillen's  comment  was  related  to  Novell’s 
potential  to  become  relevant  to  cus- 
I  tomers  outside  its  existing  NetWare  cus- 
|  tomer  base,  and  that  Linux,  not  Novell's 
Nterprise  Linux  Services,  gives  the  com 
A  pany  an  application  server  platform. 


Extreme  BlackDiamond  switches  in  the 
core  linked  to  BlackDiamonds  in  two 
adjacent  buildings  via  10G  running  over 
redundant  fiber.  BlackDiamonds  soon  will 
hook  up  the  entire  server  farm  —  100 
nodes  —  with  Gigabit  connections,  with 
10G  running  back  to  the  core  (see  dia¬ 


gram,  page  16). 

Sixty-five  wiring  closets  are  being  de¬ 
ployed  with  a  mix  of  Extreme’s  Alpine 
chassis  switches  and  Summit  stackable 
switches,  providing  mostly  Fast  Ethernet 
links  to  about  8,000  PCs  and  other 
See  Bronx,  page  16 
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Chip  vendor  claims  wireless  breakthrough 


■  BY  JOHN  COX 

A  start-up  is  sampling  a  chipset 
that  it  says  will  improve  dramati¬ 
cally  the  range  and  performance 
of  wireless  LANs,  and  eliminate 
current  security  problems. 

Airgo  Networks’  chipsets  blend 
advances  from  several  technolo- 
gies.The  result, CEO  Greg  Raleigh 
says,  will  be  WLAN  access  points 
with  two-and-a-half  to  five  times 
the  range  of  existing  products 
and  at  least  two  to  four  times  the 
throughput  of  existing  WLAN 
products. They  also  will  maintain 
throughput  at  longer  distances, 
he  says. 


Airgo  chips  for  802.11a  could 
reach  300  feet  or  more  and  sup¬ 
port  a  minimum  throughput  of 
about  34M  bit/sec.The  maximum 
802.11a  data  rate  is  54M  bit/sec, 
with  a  range  at  that  rate  of  about 
100  feet.  (It  can  reach  further  but 
the  rate  drops.)  Actual  802.11a 
throughput  typically  is  in  the  17M 
to  22M  bit/sec  range. 

Those  kinds  of  numbers,  if 
proven,  could  dramatically  lower 
WLAN  installation  costs  by  sharp¬ 
ly  cutting  the  number  of  access 
points  that  have  to  be  installed 
and,  most  importantly,  wired  into 
the  existing  cable  plant. 

Airgo  has  achieved  its  advances 


by  turning  chief  weaknesses  of 
radio  technology  into  a  strength 
through  something  called  multi¬ 
ple-input  multiple-output  (MIMO) 
technology.  The  weakness  is  a 
characteristic  of  radio:  When  you 
transmit  a  radio  signal  from  one 
antenna,  the  energy  bounces  off 
various  items,  such  as  cabinets 
and  walls, creating  multiple  signal 
paths  to  a  receiver  that’s  not  in  a 
direct  line  of  sight. 

This  is  called  multi-path  propa¬ 
gation,  which  distorts  the  overall 
signal. The  receiver  takes  the  best 
signal  path  and  processes  it. 

Airgo’s  chips  send  and  receive 
via  multiple  antennas:  client 


cards  would  have  two,  access 
points  would  have  three.  The 
antennas  collect  all  the  signals, 
and  Airgo’s  algorithms  combine 
and  process  them  to  create  the 
best  possible  reception. 

“We’ve  taken  what  had  required 
$100  worth  of  silicon  and  re¬ 
duced  it  to  tens  of  cents,”  Raleigh 
says. 

The  chips  contain  the  full  range 
of  security  standards:  Wired  Equi¬ 
valent  Privacy,  Wi-Fi  Protected 
Access,  VPN  termination,  802. lx 
authentication  and  Advanced 
Encryption  Standard. 

Airgo  is  not  alone  in  trying  to 
advance  wireless  silicon.  Aether, 


Broadcom  and  Intel  are  major 
players,  and  all  are  working  with 
MIMO.  Other  rivals  are  start-ups 
such  as  Engim  (see  www.nwfu 
sion.com,  DocFinder:  7246,  with 
more  details  from  Kevin  Tolly, 
DocFinder:  7247). 

The  company  has  signed  con¬ 
tracts  with  electronics  makers, 
and  is  in  talks  with  WLAN  hard¬ 
ware  vendors  that  take  the 
boards  and  incorporate  them 
into  finished  access  points  or 
client  adapter  cards.  Raleigh 
declined  to  name  these  compa¬ 
nies.  He  expects  the  first  Airgo- 
powered  products  to  be  avail¬ 
able  by  year-end.  ■ 


Server  management  suites 


Vendors  have  a  variety  of  software  to  integrate  into  server  management  packages, 
which  discover,  monitor  and  control  servers  on  the  network. 
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N/A 
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Nimbus 

continued  from  page  1 

updating  patches,  analysts  say. 

According  to  sources,  Nimbus 
will  be  an  amalgamation  of  HP’s 
server  management  tools:  Insight 
Manager,  the  old  Compaq  tech¬ 
nology  that  monitors  Windows 
and  Alpha  servers,  and  Service- 
control  Manager  for  HP-UX  and 
Linux  systems.  HP  Toptools  De¬ 
vice  Manager,  which  managed 
multiple  platforms,  was  discon¬ 
tinued  last  year,  but  its  features 
are  expected  to  be  integrated 
in  Nimbus. 

HP  declined  to  comment  on 
Nimbus,  but  sources  say  a  base 
version  is  expected  to  ship  with 
HP  servers  within  months. 

The  package  is  an  upgrade  to 
Insight  Manager,  which  brings 
HP’s  management  and  monitor¬ 
ing  expertise  to  the  legacy 
Compaq  product,  says  Jason 
Robohm,  director  of  technical 
services  at  Crossmark  Holdings  in 
Plano,  Texas.  Crossmark,  which  is 
testing  the  Nimbus  software,  is  a 
longtime  ProLiant  customer. 

“The  advantage  for  us  is  we’re 
seeing  thinner  and  thinner  load 
on  the  server  and  more  [remote 
monitoring]  and  SNMP-type 
polling,  which  means  you  have 
less  overhead  and  fewer  things  to 
update  in  the  way  of  agents,” 
Robohm  says.That’s  the  direction 
where  we  see  this  new  version  of 
Insight  Manager  heading:  almost 
an  HP  Open  View  look  and  feel, 
but  not  meant  to  be  providing 
network-related  uptimes  and  cor¬ 
relation.  but  instead  give  you  the 
kind  of  information  about  a  spe¬ 
cific  box  and  performance  of  that 
particular  box. 

“So  it's  collecting  all  the  infor¬ 
mation  like  Insight  Manager  used 


to,  but  saying  ‘I’m  not  worried 
about  operating  system  differ¬ 
ences  because  I’m  using  indus¬ 
try-standard  ways  of  gathering 
information  ’  ”  Robohm  says. 

The  capabilities  in  Nimbus  are 
important,  analysts  note,  because 
server  management  software 
feeds  into  larger,  higher-level  net¬ 
work  management  systems  such 
as  HP  OpenView  and  IBM’s  Tivoli 
product,  which  are  used  to  man¬ 
age  heterogeneous  servers,  stor¬ 
age  and  other  resources. 

“The  last  few  versions  of  Insight 
Manager  have  been  pretty  ad¬ 
vanced  for  server  management,” 
says  Jamie  Gruener,  a  senior  ana¬ 
lyst  for  The  Yankee  Group.’To  con¬ 
solidate  Insight  Manager  with  HP- 
UX  management  is  awesome.  It’s 
been  a  common  problem  for 
server  management  —  having  dif¬ 
ferent  tools  for  different  server 
operating  systems.” 

Insight  Manager  identifies,  iso¬ 
lates  and  resolves  problems  on 
HP  ProLiant  servers,  blades  and 
their  Alpha  servers;  Service- 
control  Manager  performs  fault 
monitoring,  configuration  and 


workload  management  of  HP-UX 
or  Linux  systems;  and  Toptools 
performed  fault  and  inventory 
management  on  former  HP 
Netservers  and  HP-UX  machines. 

With  Nimbus,  users  will  no 
longer  have  to  jump  from  console 
to  console  to  control  the  various 
server  nodes  on  their  networks. 
Instead,  they  will  have  an  inte¬ 
grated  view  of  systems  running 
Windows,  Linux  and  HP-UX. 

Today,  server  management  soft¬ 
ware  from  all  systems  vendors 
require  console-hopping  to  man¬ 
age  heterogeneous  systems.  IBM, 
for  example,  has  IBM  Director  to 
manage  servers  running  Win¬ 
dows,  Linux  and  NetWare,  but  AIX 
systems  are  handled  through  dif¬ 
ferent  software.  Sun’s  Sun  Man¬ 
agement  Center  will  handle  only 
Solaris  running  on  scalable  pro¬ 
cessor  architecture  and  Intel- 
based  boxes,  although  there  are 
plans  to  extend  that  software  to 
encompass  Linux,  analysts  say 
Sun’s  Cobalt  appliances  use  the 
Sun  Cobalt  Control  Station  soft¬ 
ware,  Sun  officials  say 

But  while  the  focus  has  been  on 


server  consolidation,  “the  man¬ 
agement  stuff  has  lagged  behind,” 
says  Jonathan  Eunice,  principal 
analyst  at  Illuminata.  “Manage¬ 
ment,  from  a  user  point  of  view,  is 
one  of  the  first  places  you  should 
go.  IBM  has  been  counterintuitive 
about  working  on  hardware  con¬ 
solidation  before  working  on 
management  consolidation.  Only 
this  year  have  they  talked  about 
managing  other  IBM  platforms 
such  as  AIX.” 

Eunice  says  users  should 
expect  vendors  to  move  in  this 
direction,  however, as  barriers  col¬ 
lapse  in  data  centers  with  Unix, 
Linux  and  Windows  environ¬ 
ments  working  more  in  tandem 
as  workloads  are  consolidated. 

“Today  IBM  Director  is  included 
with  the  purchase  of  our  xSeries 
servers,”  says  Ted  Mazanec,  prod¬ 
uct  manager  for  IBM  Director. 
“IBM  Director  supports  all  Intel- 
based  hardware,  but  going  for¬ 
ward,  we  will  be  converging  some 
of  our  systems  management  tools 
so  that  we  have  a  common  man¬ 
agement  platform  and  console 
for  customers  who  want  to  man¬ 


age  beyond  Intel.  [With  IBM 
Director]  the  customer  would  not 
have  to  use  different  tools.” 

Users  say  an  integrated  server 
management  system  will  be  a 
boon  in  the  data  center. 

“It  will  make  operations  a  little 
more  seamless  for  us,”  says  Mark 
Deck,  director  of  infrastructure 
technology  for  NMHCrx,  a  phar¬ 
macy  benefit  manager  in  Fbrt 
Washington,  N.Y  He  says  an  inte¬ 
grated  tool  will  eliminate  the 
headache  of  having  to  imple¬ 
ment  and  run  two  separate  man¬ 
agement  packages. 

Crossmark’s  Robohm  agrees. 
“The  ability  for  Crossmark  to  look 
at  its  entire  fleet  of  servers  in  a 
Wintel  environment  and  in  Linux 
environments  in  a  single  report¬ 
ing  engine  is  important  because 
it  allows  us  to  look  at  one  place 
and  see  the  health  of  an  entire 
mission-critical  infrastructure,”  he 
says.  “The  other  option  is  we 
would  have  to  look  at  almost  a 
Batmans  [utility]  belt  worth  of 
reporting  solutions  and  then  try 
to  aggregate  that  information 
together  to  get  a  concise  picture 
of  the  uptime  and  status  and 
health  of  our  infrastructure.” 

What  it  boils  down  to  is  better 
efficiencies  and  cost  savings  in 
the  long  run,  analysts  say 

“A  consolidated  platform  takes 
fewer  people  to  run  everything,” 
says  Terry  Shannon,  an  analyst  at 
consulting  firm  Shannon  Knows 
HPC.“If  you’re  running  ProLiants 
and  Superdome  with  Linux  in 
one  partition,  HP-UX  in  another 
and  Windows  in  another,  do  you 
want  to  have  four  management 
[packages],  or  do  you  want  to 
have  one?"B 

Get  more  information  online. 
DocFinder:  7242 
www.nvfiniw.eM 
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(DoS)  attack  on  its  Windows 
Update  Web  site  the  next  day  by 
the  compromised  machines. 

Blaster,  which  quickly  took  its 
place  alongside  Code  Red, 
Nimda  and  MS-SQL  Slammer  as 
one  of  the  most  disruptive 
worms  in  history,  also  has  begun 
spawning  variants  —  including 
one  called  Teekids  —  that  could 
do  damage  of  their  own.  Con¬ 
cerns  also  were  mounting  that 
there  is  a  separate  DoS  vulnera¬ 
bility  in  Microsoft’s  Remote 
Procedure  Call  (RPC)  interface 
that  also  can  be  targeted  and 
that  might  require  another  round 
of  patching. 

Blaster,  which  spreads  by  scan¬ 
ning  for  Windows  XP  NT,  2000 
and  2003  machines  that  never 
were  patched  for  the  RPC  vul¬ 
nerability  discovered  last  month, 
wreaked  havoc  with  networks 
across  industries,  including  edu¬ 
cation,  banking  and  government. 

Productivity  drain 

“This  has  been  a  huge  produc¬ 
tivity  drain,"  says  Tom  Danford, 
associate  provost  and  CIO  at  the 
University  of  Dayton  in  Ohio, 
which  had  several  LAN  sub-nets 
infested  with  Blaster  scanning. 
“We  don’t  have  much  control 
over  the  students’  computers  on 
these  LANs.” 


Big  blast 

Estimates  vary  widely 
—  from  a  few  hundred 
thousand  to  20  million  — 
as  to  how  many 
computers  Blaster 
infected. 


The  university  blocked  Blaster, 
which  slipped  in  via  Port  135,  at 
the  Internet  gateway  by  using  an 
intrusion-prevention  appliance 
from  TippingPoint  Technologies. 
But  that  didn’t  help  stop  out¬ 
breaks  that  started  inside  the  net¬ 
work  as  students  turned  on 
unpatched  machines  infected 
elsewhere. 

Danford  says  he  expects  more 
outbreaks  as  students  return  en 
masse  to  campus  Aug.  23.  The  IT 
staff  is  preparing  a  Blaster 
“awareness”  campaign  to 
encourage  everyone  to  ensure 
their  PCs  are  patched. 

Companies  in  the  business  of 
securing  IT  networks  were  quick 
to  offer  estimates  on  the  overall 
damage  caused  by  Blaster,  also 


known  as  MSBlast  and  LoveSAN. 
Security  outfit  RedSiren,  for 
instance,  pegged  the  damage  in 
lost  productivity  as  IT  staff  went 
about  checking  for  and  cleaning 
up  infected  computers  at  $320 
million,  not  counting  business- 
related  losses. 


TruSecure's  Russ  Cooper 
pressured  Microsoft  to  patch  a 
version  of  Windows  2000  it 
initially  wouldn't  support. 

The  Federal  Reserve  Bank  of 
Atlanta  and  the  Maryland  Motor 
Vehicle  Administration  in  Glen 
Burnie  shut  down  their  offices 
last  Tuesday  as  network  staff 
there  eradicated  Blaster  out¬ 
breaks  that  rendered  LANs  use¬ 
less  through  excessive  scanning. 
The  Maryland  organization  sent 
out  a  SWAT  team  that  night  to  all 
23  of  its  offices  to  detect  and 
eradicate  the  Blaster  worm  on 
1,700  computers  and  patch 
them,  a  spokesman  says. 

Also  affected  were  the  Cox 
newspapers,  which  suffered  dis¬ 
ruptions  across  a  shared  back¬ 
bone.  They  also  had  limited 
Internet  access  at  one  point. 

Patching  process 

In  light  of  such  problems,  the 
issue  of  patching  to  prevent 
Blaster  infection  was  a  much- 
debated  subject  in  corporate  IT 
departments  last  week. 

Some  IT  staffs  came  to  the 
belated  discovery  that  the 
patch  Microsoft  issued  July  16 
doesn’t  work  on  all  four  Service 
Packs  (SP)  for  upgrades  to 
Windows  2000.  Officially, 
Microsoft  has  indicated  the 
patch  applies  only  to  SP3  and 
SP4  because  the  company 
doesn’t  develop  patches  for 
older,  “unsupported”  releases 
such  as  SP1  and  SP2. 

But  many  organizations  using 
older  versions  of  Windows  2000 
went  looking  for  a  patch  last 
week  as  Blaster  rocketed  across 
the  Internet.  The  online  comput¬ 
er-security  forum  NTBugtraq, 
moderated  by  Russ  Cooper  of 
managed  security  services  ven¬ 
dor  TruSecure,  focused  its  discus¬ 
sion  on  analysis  that  showed  that 
the  MS03-026  patch  needed  to 


•  Direct  users  outside  your  control  (on  campus,  for  example)  to  get  . 
a  patch  at  windowsupdate.microsoft.com  (alternate  site,  if  needed, 
is  www.microsoft.com/download)  and  to  scrub  for  infections. 

•  Direct  users  to  vendor  sites  such  as  Symantec’s  that  have  free 

detection  and  scrub  tools.  _  •  ~'V;  . 

•  Use  firewall  or  other  gateway  protection  to  block  Port  135  inbound 
and  outbound  where  Blaster  travels. 

•  Also  block  Port  69/UDP,  139TCP  and  UDP,  445TCP  and  UDP, 
and  444TCP. 


•  Do  not  block  Port  135  inside  the  corporate  network,  because  it 
renders  many  Microsoft-based  applications  unusable. 


stop  Blaster  would  work  on  Win 
2000  SP2. 

The  NTBugtraq  debate  and  cry 
for  patch  support  got  Microsoft’s 
attention:  The  company  took 
what  it  said  was  the  unusual 
course  of  acknowledging  the 
patch  does  work  for  SP2. 

“It  just  wasn’t  tested  for  SP2,” 
says  Stephen  Toulouse,  security 
program  manager  for  Microsoft 
Security  Response  Center.  In 
stating  support  for  the  patch  on 
SP2,  he  says  Microsoft  was 
breaking  with  its  customary 
“life-cycle  policy’ which  can  cre¬ 
ate  a  “weird  time  zone”  in  terms 
of  patching. 

“1  believe  SP2  is  the  most 
widely  deployed  version  of 
Windows  2000  in  corporations 
today?’  Cooper  says.  “Companies 
will  have  to  wait  until  all  or  most 
of  their  software  suppliers  sup¬ 
port  an  SP  before  they  will 
upgrade.  Many  [software  ven¬ 
dors]  haven’t  stated  they  sup¬ 
port  SP3  yet  despite  SP4  being 
available.  Ergo,  many  companies 
have  stayed  on  SP2.” 

Toulouse  says  he  doesn’t  think 
Microsoft  has  information  on 
what  SPs  its  customers  are  using. 

However,  the  MS03-026  patch 
doesn’t  work  for  SP1,  and  that 
had  some  organizations  rapidly 
upgrading. 

The  University  of  Denver’s 


business  school  computer  lab, 
which  uses  Win  2000  with  SP1, 
determined  that  it  took  only  4 
minutes  early  Monday  evening 
for  the  worm  to  tear  into  90 
machines.  Ken  Stafford,  vice 
chancellor  of  technology,  says 
he  immediately  blocked  Port 
135  when  he  determined  what 
was  happening. The  worm  even¬ 
tually  infected  500  desktops  and 
had  100  people  scrambling  to 
protect  systems. 

“On  Tuesday  we  were  blocking 
52,000  hits  per  minute  at  our  fire¬ 
wall,”  Stafford  says.  “All  the  block¬ 
ing  brought  our  firewall  to  92% 


of  CPU  usage,  which  slowed 
everything.” 

The  university  removed  the 
worm  with  tools  from  Sophos 
and  Symantec,  but  found 
Microsoft  Office  disabled  and 
tough  to  reinstall. 

The  school  upgraded  its  Win 
2000  machines  to  SP4  and 
installed  the  patch,  but  still  was¬ 
n’t  able  to  reload  Office  until  the 
machines  were  disconnected 
from  the  Internet.* 

Get  more  information  online. 
DocFinder:  7244 
www.nwfusion.com 
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continued  from  page  8 

arena  that’s  often  overlooked, 
but  one  that  could  affect  enter¬ 
prise  users:  standards  groups. 
Such  groups  typically  have 
policies  that  require  partici¬ 
pants  to  disclose  any  patents  or 
patent  applications  that  could 
be  infringed  by  the  implemen¬ 
tation  of  the  standard  being 
created,  such  as  one  for  Web 
services  security  or  a  radio 
modulation  technique  in  the 
IEEE  802.11  wireless  IAN  stan¬ 
dard. 

Participants  usually  agree  to 
declare  these  patents  and  give 
up  certain  rights,  says  Andrew 
Updegrove,  a  partner  with 
Lucash,  Gesmar  &  Updegrove,  a 
Boston  law  firm  that  specializes 
in  working  with  standards 
groups.  The  firm  just  filed  a 
“friend  of  the  court”  brief  with 
the  U.S.  Supreme  Court  in 
Rambus  v.  Infineon,  a  patent 
case  that’s  been  dragging  on  for 
a  decade.  Updegrove  and  others 
contend  that  Rambus  partici¬ 
pated  in  a  group  that  creates 
standards  for  memory  chips, 
then  withdrew  at  the  last 


moment  and  revealed  several 
patents  that  it  claimed  were 
being  infringed.  Insiders  call 
this  a  “submarine  patent” 
because  it  surfaces  out  of 
nowhere. 

If  Rambus  prevails,  Updegrove 
says,  patent  holders  will  hesitate 
to  join  standards-setting  efforts 
or  abandon  them  altogether. 

In  May,  the  Worldwide  Web 
Consortium,  a  nonprofit  group 
that  oversees  Web  standards,  for¬ 
mally  adopted  a  royalty-free 
patent  policy.The  policy  requires 
all  participants  to  agree  to 
license,  without  royalties,  any 
patents  that  threaten  to  block 
interoperability. 

Many  of  these  issues  and  deci¬ 
sions  are  beyond  the  control  of 
network  executives.  But  they  can 
take  steps  to  protect  their  com¬ 
panies. 

One  key  measure  is  to  incor¬ 
porate  a  very  good  indemnity 
agreement  in  contracts  with 
your  high-tech  suppliers,  Mira- 
bito  says.  If  a  patent  holder 
forces  you  to  pay  a  license  fee, 
the  indemnity  clause  will  let  you 
get  repaid  by  the  vendor. 

With  software,  especially,  “en¬ 
sure  the  software  is  not  infring¬ 


ing”  on  anyone’s  patent,”  Taylor 
says. “There  are  contractual  pro¬ 
visions  that  you  can  put  into  a 
software  license  that  can  give 
you  some  protection  against 
this.” 

Consider  patent  infringement 
insurance,  Mirabito  says.  But  be 
prepared  to  pay  for  the  protec¬ 
tion  it  offers.“It’s  relatively  expen¬ 
sive,”  he  says.“But  it  protects  you 
if  you  get  sued  by  paying  the 
legal  fees  and  so  on."B 


Know-It-All 


■  THIS  WEEK’S  QUESTION: 

Which  company  has  a 
user  group  called 
Encompass? 


Answer  this  and  nine  additional  questions 
online  and  you  could  win  $500!  Visit 

Network  World  Fusion  and  enter  2349 

in  the  Search  box. 
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Dell  has  a  customized  IT  solution  for  your  business,  no  matter  what  business  you're  in,  or  what  size  it  is.  From  PowerEdge” 

servers  featuring  Intel®  XeorT  processors  to  PowerVaulf  Storage  and  PowerConnecf“  switches,  Dell  offers  flexible,  high-performance 
industry-standard  technologies  and  software  solutions  that  are  just  right  for  your  particular  business  needs.  And  well  help  you  every  step 
along  the  way.  Whether  it's  planning  and  design,  testing  and  validation,  systems  management,  or  our  award-winning  24  x  7  service  and 
support,  Dell  will  help  you  create  an  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage.  So  make  life  easy  on  yourself  and  get  a 
big  advantage  over  your  competition  -  with  a  unique  IT  solution  from  Dell. 

Dell  Rated  #1  in  Intel-Based  Server  Satisfaction 

20  Out  of  21  Consecutive  Quarters 
Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

Fourth  Quarter  2002 
-  April  2003 
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FILE  AND  PRINT  SERVERS 

From  entry-level  servers  to  robust  rack-mountable  solutions  that  fit  existing  infrastructures. 


NEW  PowerEdge™  400SC  Server 

Entry-Level  Value  Server 

•  Intel'  Celeron'  Processor  at  2GHz 

•  Upgradable  to  Intel'  Pentium®  4  Processor  at  3.20GHz 

•  800MHz  Front  Side  Bus 

•  128MB  266MHz  ECC  DDR  SDRAM  (Up  to  4GB) 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Embedded  Intel'  PRO  Gigabit''  NIC 

•  1-Yr  24* *7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service1 

•  Small  Business  Pricing 


NEW  PowerEdge™  650  Server 

Low-Cost,  General-Purpose  1U  Server 

•  Intel*  Pentium®  4  Processor  at  2.40GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3GHz 

•  128MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  3GB  of  Memory 

•  20GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  146GB  of  Internal  Hard  Drive  Storage 

•  Intel®  PRO  Gigabit50  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 


$399 


E-VALUECode:  18599-S20803g 


^  as  low  as  $32/mo.,  (46  pruts?) 

**  I  §  qj  E-VALUE  Code:  18599-  S20811g 


DATABASE  AND  WEB  HOSTING  SERVERS 
Application-specific  servers  that  can  meet  most  any  challenge. 


PowerEdge™  2600  Server 

High-Performance  Tower  Server 

•  Intel*  Xeon”  Processor  at  2.80GHz 

•  Dual  Intel®  Xeon”  Processor  Capable  (Up  to  3.06GHz) 

•  512MB  200MHz  ECC  DDR  SDRAM  (Up  to  6GB) 

•  Upgradable  to  6GB  of  Memory 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Active  ID  Bezel  for  Manageability 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

C  4  as  low  as  $43/mo.,  (46  pints') 

|  E-VALUECode:  18599-S20815 


NEW  PowerEdge™  1750  Server 

1U  High-Performance  Rack  Server 

•  Intel®  Xeon”  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.06GHz) 

•  256MB  266MHz  ECC  DDR  SDRAM  (Up  to  8GB) 

•  36GB  (1  OK  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Integrated  Dual-Channel  Ultra320  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

C  4k  as  low  as  $46/mo„  (46  pints*) 

V  E-VALUECode:  18599- S20816g 


SERVICES 

Purchase 

•  Dell  offers  a  wide  range  of  reliable,  award-winning 
technology,  all  delivered  from  a  single  point  of 
contact  -  and  our  expert  sales  associates  are 
there  to  help  you  find  the  technology  that's  right  for 
your  business. 

Installation  -  Starting  at  S199 

•  Once  you've  selected  the  right  technology,  Dell  can 
help  you  get  it  up  and  running  quickly  and  cost- 
effectively  with  our  custom  on-site  installation  and 
configuration  services. 

Training  &  Certification  -  Starting  at  $100 

•  After  installation,  Dell  can  help  turn  your  employees 
or  IT  staff  into  experts  on  your  new  technology 
through  a  variety  of  training  and  certification  courses  - 
helping  increase  your  business'  long-term  productivity. 

Service  &  Support 

•  The  support  doesn't  end  at  the  sale.  Dell's  award¬ 
winning  service  and  support  offerings  help  ensure 
that  your  new  network  remains  up  and  running  - 
with  Web,  phone  or  on-site  service3  and  support. 


4-WAY  SERVERS 

Handle  intense  networking  needs  with  ease. 

PowerEdge™  6600/6650  Servers 

Quad  Processing  Power  in  Rack-Mountable  or 
Tower  Form  Factors 

•  Up  to  Four  Intel®  Xeon”  Processors  at  2GHz 

•  Up  to  32GB  DDR200  ECC  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s)  Controller 

•  Standard  Hot-Swap  Hard  Drives,  Hot-Swap  Redundant  Fans 
and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

as  low  as  $148/mo..  (46  prats?) 

starting  at 


NETWORK  SWITCHES 
Design  a  powerful  network  with  scalable, 
high-performance  switches. 


PowerConnect™  2000/3000/5000  Switches 


PowerConnect  ”  2000  Series  -  Starting  at  s89 

•  Affordable,  Easy-to-lnstall  Unmanaged  Switches 

PowerConnect”  3000*  Series  -  Starting  at  *549 

•  Stackable,  Enterprise-Class  Managed  Switches 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

PowerConnect”  5000*  Series  -  Starting  at  *1199 

•  High-Performance,  All-Gigabit  Managed  Switches 

•  Layer-3  Aware  Class  of  Service  Prioritization 

Next  Business  Day  Advanced  Exchanged  Service53  Included 


STORAGE  OPTIONS 
Improve  your  network's  capabilities. 

Dell  PowerVault™  725N  NAS  

Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  1 ,70GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  2.60GHz 

•  4x40GB  (160GB)  IDE  Hard  Drives 

•  Up  to  1  Terabyte  of  Internal  Storage  Capacity 

•  Microsoft®  Windows®  Powered  Network  Attached  Storage 

4  T  as  low  as  $49/mo.,  (46  pmts?) 

^  1/wU  E-VALUECode:  18599- S20717n 


Dell  I  EMC 


If  you  have  more  than  300GB  of  storage,  visit  www.dell.com/storage4mybiz 
for  low  prices  on  Dell/EMC  storage  arrays. 


Solutions  that  fit. 


Easy  as 


D«  i 


Click  www.dell.com/bizsolutions 


Call  1-877-361-3355 

toll  free 


credit  ‘This  term  indicates  compliance  with  IEEE  standard  802  3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  iGB/sec.  For  high-speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  infrastructure  is  required,  ■•technician, 
replacement  part  or  unit  (depending  on  service  contract)  will  be  dispatched  if  necessary  following  phone-based  troubleshooting  in  advance  of  receipt  of  returned  defective  unit  Service  may  be  provided  by  third-party  provider  Subject  to  parts  availability,  geographical 
restrictions  and  terms  of  service  contract  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell.  Defective  unit  must  be  returned.  Replacements  may  be  refurbished  U.S.  only.  Dell,  the  stylized  E  logo,  E  Value.  PowerEdge,  PowerConnect  and  PowerVault  are  trademarks 
ol  Dell  Computer  Corporation  Intel.  Intel  Inside,  the  Intel  Inside  logo.  Intel  Xeon,  the  Intel  Xeon  logo,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2003  Dell  Computer 

Corporation.  All  rights  reserved 
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continued  from  page  11 
network  devices. 

Gigabit  to  the  desktop  also  will  be  in 


place  to  support  new  medical-imaging 
systems. 

“The  bandwidth  involved  with  that  is  not 
insignificant,”  Morreale  says.  For  a  doctor 
to  view  a  graphic  file,  such  as  an  X-ray  or 


Our  Video  on  Demand  (VOD) 
servers  are  air  cooled  from  front  to 
back.  The  APC  racks  that  house  the 
InfraStruXure  "  are  also  designed  to  cool 
from  front  to  back.  So  the  same  racks 
can  effectively  house  our  power  system 
and  our  servers." 


Vince  Pombo,  Vice  President  of  Engineering 
Rich  Flanders,  Director  of  Engineering 
Time  Warner  Cable. 
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On  Your 
Mark... 

Are  you  ready  to  reduce  power 
densities  in  your  rack  with  an 
efficient,  cost-saving  power 
and  cooling  solution  that 
ensures  availability? 


More  and  more  IT  professionals  are  changing  from  legacy 
systems  to  a  new  integrated  power  and  cooling  solution. 


E-mail  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston.  Rl  02892  USA  ©2003  American 
Power  Conversion  Corporation  All  Trademarks  are  the  property  of  their  respective  owners.  ISX2C3EF-US 


cardiology  image,  involves  a  200M-byte 
file  download.“Those  PCs  generate  a  huge 
amount  of  traffic."  Summit  switches  will 
provide  the  ports  for  about  50  Gigabit 
workstations. 

While  the  upgrade  has  been  smooth, 
Morreale  says  a  couple  of  unexpected 
costs  came  up  during  the  project  —  both 
having  to  do  with  electricity 

The  new  core  switches  required  “twist- 
lock”  power  outlets  —  plugs  that  prevent 
a  power  cord  from  being  kicked  loose 
—  which  were  not  present  in  the  hospi¬ 
tal’s  computer  room.  This  required  an 
electrician  call.  Also,  because  the  switch¬ 
es  in  the  wiring  closets  use  more  power 
than  the  hubs  they’re  replacing,  Mor¬ 
reale  says  ventilation  will  need  to  be 
installed  to  keep  gear  in  the  closets  cool. 

“These  things  weren’t  issues  with  our 
old  hubs,”  he  adds. 

Morreale  says  he  can  live  with  these 
incidental  labor  costs  because  the  Ex¬ 
treme  switches  will  provide  new  Layer  3 
features  for  the  LAN  core  and  edge  traf¬ 
fic,  such  as  quality  of  service  for  latency- 
sensitive  applications.  Routing  also  will 
let  segments  of  the  network  be  put  into 
subnets. This  will  protect  traffic  such  as 
image  file  transfers  from  broadcast 
storms,  which  sometimes  happen  on  a 
NBHN  LAN  running  a  mixture  of  mod¬ 
ern  and  legacy  protocols. 

Morreale  says  he  did  not  consider  mix¬ 
ing  and  matching  core  and  wiring-closet 
LAN  gear  from  various  switch 
makers  because  he  wanted 
the  network  to  run  as  an  eas¬ 
ily  managed  system,  with 


as  little  tinkering  as  necessary  from 
his  staff. 

“We’re  making  a  quantum  leap  in  tech¬ 
nology  but  not  in  IT  staff,  he  says.  The 
Extreme  switches  all  run  ExtremeWare, 
the  vendor’s  management  platform  that 
can  let  NBHN  IT  staff  monitor  and  change 
the  configuration  of  any  port  in  the  com¬ 
pany,  Morreale  says. 

fell  want  to  keep  the 
network  robust  with  plenty 
of  room  to  grow.  99 

Dan  Morreale 

CIO,  North  Bronx  Healthcare  Network 


Future  budgeting  considerations  were 
also  a  factor  in  the  decision  to  forgo 
Gigabit  Ethernet  for  10G  in  the  core. 

“I  want  to  keep  the  network  robust 
with  plenty  of  room  to  grow”  Morreale 
says.  “So  we  put  in  some  really  big  stuff 
—  maybe  more  than  we  need  —  for 
now.  We  will  grow  into  it  over  the  next 
few  years.” 

He  says  the  10G  installation  also  will 
put  off  the  next  upgrade  well  into  the 
future,  which  sounded  good  to  his  bud¬ 
get  people.  “We  don’t  like  to  keep  going 
back  to  the  well  for  more  money  for  net¬ 
work  costs.  That’s  anoth¬ 
er  reason  why  we  over¬ 
built”  the  network  in  the 
blueprint,  he  adds.  ■ 


Get  more  information  online. 
DocFinder:  7245 
www.nwfusion.com 


Quantum  leap 

North  Bronx  Health  Network  is  in  the  process  of  a  $3.5  million  network 
upgrade,  moving  from  Fast  Ethernet  to  10G  Ethernet  in  the  backbone. 
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Jacobi  Medical  Center  North 


Jacobi  Medical  Center  South 


O  All  traffic  is  collapsed  to  two  0  Fiber  running  to  nearby  0  A  mix  of  Alpine  chassis  switches  and  Summit 
BlackDiamond  switches  in  Jacobi  Medical  Center  stackable  switches  provides  most  users 

the  core,  outfitted  with  10G  buildings  supports  10G  links  with  100M  bit/sec  links;  some  medical- 

Ethemet  line  cards.  back  to  the  core.  imaging  PCs  receive  Gigabit  connections. 


FREE  White  Paper! 

"Determining  Total  Cost  of  Ownership 
for  Data  Center  and  Network 
Room  Infrastructure" 

Just  mail  or  fax  this  completed  coupon 
or  contact  APC  for  your  FREE  white 
paper.  'Determining  Total  Cost  of 
Ownership  for  Data  Center  and 
Network  Room  Infrastructure.’ 

Also  receive  our  FREE  InfraStruXure’ 
brochure.  Better  yet,  order  both  today 
at  the  APC  Web  site! 

http:// promo,  ape.  com 
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What  type  of  availability  solution  do  you  need? 

□  UPS:  0-1 6kVA  (Single-phase)  □  UPS:  10-80kVA  (3-phase  AC)  □  UPS:  80+  kVA  (3-phase  AC)  □  DC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management 

□  Cables/Wires  □  Mobile  Protection  □  Surge  Protection  □  UPS  Upgrade  □  Don't  know 
Purchase  timeframe?  □  <1  Month  □  1-3  Months  □  3-12  Months  □  1  Yr.  Plus  □  Don't  know 
You  are  (check  1):  □  Flome/Flome  Office  □  Business  (<1000  employees)  □  Large  Corp.  (>1000  employees! 

□  Gov't,  Education,  Public  Org.  □  APC  Sellers  &  Partners 
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Legendary  Reliability" 


Are  you  set  to  save  space 
and  minimize  installation 
and  maintenance  costs 
with  a  modular  manageable, 
pre-engineered  architecture? 


t: 

ac 
1C 

"If  I  had  purchased  the  incumbent 
vendors  3-phase  upgrade  model, 

I  would  have  paid  75%  more  in  service 
costs  over  the  next  four  years  and 
I  would  have  had  to  utilize  50%  more 
of  my  precious  floor  space. " 


Captain  Timothy  Riley 

Support  Services  Division 

City  of  Newport  Beach  Police  Department 


Many  IT  professionals  have  switched 
from  an  inflexible  proprietary  system  to 
network  critical  physical  infrastructure. 


Be  Sure  of  Your  Solution 
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ADVERTISEMENT 

InfraStruXure" 
is  the  Key  to 
Stronger  NCPI 

by  Russell  Senesac 

InfraStruXure  Product  Manager 


APC  InfraStruXure  ”  architecture  is  the  industry's 
new  benchmark  for  on-demand  network-critical 
physical  infrastructure  (NCPI).  The  foundation  of  IT 
networks,  NCPI  consists  of  power,  power  distribu¬ 
tion,  racks,  cabling,  cable  distribution,  cooling,  and 
cooling  distribution.  Strong  NCPI  defends  your  IT 
networks  against  security  and  availability  problems. 

Complementing  these  benefits  of  strong  NCPI  is 
InfraStruXure’s  open,  adaptable,  integrated  ap¬ 
proach,  which  ensures  optimal  performance  and 
lower  upfront  and  operating  costs.  InfraStruXure 
fully  integrates  power,  cooling,  management  and 
services  within  a  rack-optimized  design. 

Power 

InfraStruXure  architecture  features  rack-optimized, 
intelligent  UPSs  and  power  distribution  units  that 
are  highly  manageable,  modular,  and  pre-engineered 
to  meet  the  demands  of  the  smallest  wiring  closet  to 
the  largest  data  center. 

Cooling 

Cooling  solutions  designed  for  InfraStruXure  are 
extremely  flexible,  fitting  almost  any  data  environment 
as  though  custom-made,  but  without  the  extensive  engi¬ 
neering  that  traditional  cooling  systems  require. 

Management 

InfraStruXure  boasts  the  industry’s  only  fully  integrated 
power  management  solution.  Monitor  the  elements  of 
your  data  center,  understand  how  your  InfraStruXure  is 
performing  and,  when  necessary,  take  action  remotely  to 
ensure  service  levels  are  met — all  from  a  Web  browser  on 
your  desktop  computer.  You’ll  be  able  to  maximize  avail¬ 
ability  through  system-level  proactive  management. 
InfraStruXure  management  solutions  are  easy  to  use  and 
require  little  to  no  training. 

Services 

A  full  menu  of  professional  services,  performed  by 
APC  Global  Services  experts,  supports  your 
InfraStruXure  architecture.  Whether  building  a  new 
installation  or  retrofitting  InfraStruXure  into  your 
existing  IT  environment,  a  range  of  services  is  able  to 
meet  your  specific  needs.  Factory-trained  professionals 
commission  the  elements  of  your  InfraStruXure, 
understand  how  it  is  performing  and,  when  necessary, 
take  action  to  ensure  optimal  service  levels  are  met. 

The  Result 

With  InfraStruXure,  you  get  the  reliability,  afford¬ 
ability  and  predictability  of  standard  solutions,  yet 
completely  customized  for  your  specific  problems. 
As  your  requirements  change,  InfraStruXure  easily 
adapts,  allowing  you  to  build  out  or  scale  back 
capacity  as  it  is  required.  ■ 

FREE  White  Paper  and  Infrastructure M  Brochure 

Visit  http://promo.apc.com  Key  Code  n260y 
Call  888-289-APCC  x2930  •  Fax  401 -788-2797 


Are  you  going  to  take  advantage  of 
this  availability  solution  to  prevent 
costly  downtime? 


Stop  hesitating. 


You've  been  given  the 
green  light  to  ensure  the 
continuous  operation  of  your 
mission-critical  electronic 
applications. 


Go  find  out  more  about  how 
InfraStruXure”  can  build  availability 
into  your  business  processes. 
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Open,  adaptable  and  Integrated 
architecture  for  on-demand 
network-critical  physical  infrastructure 


FREE  White  Paper: 
"Determining  Total  Cost 
of  Ownership  for  Data 
Center  and  Network  Room 
Infrastructure"  and  FREE 
InfraStruXure™  Brochure 


To  order  Visit  http://promo.apc.com  Key  Code  n260y 
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News 


Money  remains  tight  for  IT  start-ups 

Venture  capitalists  investing  in  companies  that  have  already  proven  themselves. 


■  BY  TIM  GREENE 

First-time  investments  in  IT  com¬ 
panies  in  the  second  quarter 
lagged  behind  such  investments 
in  general,  indicating  that  the  net¬ 
work  sector  has  not  turned 
around  yet, according  to  a  survey 
of  venture  capital  firms. 

While  the  total  number  of  com¬ 
panies  receiving  first-time  fund¬ 
ing  rose  slightly  in  the  last  quarter 
from  an  all-time  low  of  138  to  153, 
IT  start-ups  didn’t  fare  as  well. 

These  network  industry  statis¬ 
tics  were  supplied  to  Network 
World  by  three  organizations  that 
compile  the  quarterly  MoneyTree 
Venture  Capital  Survey:  Price- 
waterhouseCoopers, Venture  Eco¬ 
nomics  and  National  Venture 
Capital  Association. 

In  the  network  industry  cate¬ 
gories  —  computers  and  periph¬ 
erals,  IT  services,  networking  and 
equipment,  semiconductors,  soft¬ 
ware  and  Internet  communica¬ 
tions  —  only  63  of  338  deals  were 
for  first-time  funding.That  is  about 
18.6%,  down  from  the  previous 
quarter’s  mark  of  21%. 

Part  of  the  reason  is  that  big  cor¬ 
porations  are  not  spending  as 
much  on  IT  infrastructure,  says 
Todd  Dagres,  a  general  partner  at 
Battery  Ventures.“Now  they’re  pro¬ 
tecting  their  turf.  They’ve  already 
built  their  infrastructure  and  in 
this  environment  are  looking  to 
take  advantage  of  what  they’ve 
put  in  the  ground,  not  expand  it,” 
he  says. 

Exceptions  to  the  rule  are  in  the 
areas  of  storage  and  security, says 
Tracy  Lefteroff,  global  managing 


partner  of  the  ven¬ 
ture  capital  practice 
at  Pricewaterhouse- 
Coopers.  Security 
firm  CoreStreet  re¬ 
ceived  $4  million  in 
start-up  money  and 
is  poised  for  another  round,  CEO 
Peter  Hussey  says.  “There’s  proba¬ 
bly  never  been  a  time  in  our  his¬ 
tory  with  more  focus  on  security 
he  says. 

Even  so,  venture  firms  seemed 
more  cautious,  with  more  of  them 
interested  in  funding  later  rounds 
but  not  as  willing  to  make  initial 
investments,  Hussey  says.  In  addi¬ 
tion  to  focusing  on  security, 
CoreStreet  also  seemed  more 
attractive  because  it  already  had 
a  product  in  beta  tests  with  gov¬ 
ernment  agencies, and  the  found¬ 
ing  team  had  run  successful  start¬ 
ups  before,  Hussey  says.The  com¬ 
pany  also  is  sitting  on  14  U.S. 


patents  for  its  tech¬ 
nology,  he  says. 

Web-services 
infrastructure  start¬ 
up  Active  End¬ 
points  received 
$6.5  million  and 
found  the  scrutiny  by  venture 
capitalists  to  be  more  intense, 
says  Fred  Halohan,  company 
president.  Investors  are  trying  to 
determine  when  large  corpora¬ 
tions  will  start  buying.“When  will 
the  economy  rebound  enough  so 
innovative  customers  will  step  up 
and  buy  again?  Now  they  have 
their  horns  pulled  in,” he  says.The 
venture-capital  firms  he  spoke 
with  seemed  concerned  about 
companies  they  invested  in  earli¬ 
er  but  are  not  yet  profitable. 

“[Investors]  are  supporting 
what  they  already  had  on  their 
books,”  Lefteroff  says.  “The  major¬ 
ity  of  the  money  is  going  to  sup¬ 


port  existing  companies  in  later- 
stage  deals.” 

With  Active  Endpoints  marking 
his  third  start-up,  Halohan  says  his 
past  successes  also  might  have 
helped. “We’ve  had  two  prior  ven¬ 
tures,  and  we  haven’t  lost  any¬ 
one’s  money  yet.  There’s  some 
thing  magical  about  that,” he  says. 

Investment  in  software  compa¬ 
nies  remained  high,  with  $864 
million  invested,  up  from  $810 
last  quarter. That  is  partly  because 
software  is  a  broad  category  rang¬ 
ing  from  consumer  to  service 
provider,  but  also  because  soft¬ 
ware  companies  deliver  products 
faster  than  hardware  companies, 
Dagres  says. 

First-time  investment  in  telecom 
companies  was  at  a  new  low  — 
only  two  start-ups  got  funding. 
That  lag,  plus  ongoing  consolida¬ 
tion  among  existing  providers, 
could  result  in  less  choice  for 
business  customers,  who  then 
might  start  spending  to  create 
their  own  wide-area  services,  Dag¬ 
res  says.  Overall  investments  in 
telecom  start-ups  actually  in¬ 
creased  21%  to  $615  million,  but 
that  was  for  second-  and  third- 
stage  investments,  the  survey  says. 

Investment  in  companies  that 
make  network  equipment  for 
businesses  also  was  down  for 
the  quarter,  from  $458  million  to 
$427  million.  One  reason  is  that 
a  few  major  vendors  dominate 
this  market,  making  the  prospect 
for  tiny  competitors  bleak, 
Lefteroff  says. 

For  more  information  on  the 
MoneyTree  survey,  go  to  www.nw 
fusion.com,  DocFinder:  7250.  ■ 
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Getting  started 

With  venture  funding  tight  in  the  second  quarter,  some 
network  start-ups  nevertheless  managed  to  score  their 
first  round  of  funding. 


Company 

Investment 

Business 

Broadmargin 

$21M 

Network  consultants 

RackSaver 

$14M 

High-density  rack-mount  servers 

Ammasso 

$10M 

Gigabit  Ethernet  clustering  cards 

Scalix  Software 

$13M 

Linux-based  e-mail  software 

Procuri 

$10M 

E-commerce  software 

Active  Endpoints 

$6.5M 

Enterprise  servers 

CoreStreet 

$4M 

Security  software 

SOURCE:  MONEYTREE  SURVEY  Q2.  2003 
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Wireless  mgmt.  software  gains  Microsoft  hooks 


■  BY  JOHN  FONTANA 

Sonic  Mobility  this  week  is 
expected  to  add  support  for 
Microsoft  Exchange  and  Active 
Directory  to  its  mobile  wireless 
system-administration  software. 

Sonicadmin  3.0,  which  runs  on 
Microsoft  Rocket  PC  and  RIM 
BlackBerry  devices,  gives  network 
administrators  the  ability  to 
securely  manage  devices  such  as 
switches,  routers,  servers  and  net- 
wt  rk  applications,  over  a  wireless 
connection  from  a  handheld. 

"What's  significant  here  is  that 
someone  doesn’t  have  to  be 
chained  to  a  desk,”  says  Mike 
Jude,  an  analyst  with  Enterprise 


Management  Associates.  “You 
have  more  flexibility  and  the  fact 
that  Sonic  is  expanding  the  reach 
of  its  software  is  a  good  thing.” 

Support  for  Exchange  2000  lets 
users  add,  modify  and  delete 
mailboxes;  edit  Simple  Mail 
Transfer  Protocol  proxy  address¬ 
es;  manage  storage  limits;  and 
view  queues.  With  Exchange 
2003,  users  also  can  manage 
queues  and  the  messages  inside 
those  queues. 

Administrators  using  Active 
Directory  can  perform  actions 
such  as  adding  or  removing  users 
from  organizational  units  and 
changing  permission  settings  on 
those  units.  They  also  can  man¬ 


age  local  and  domain  users,  and 
edit  and  set  user-account  expira¬ 
tion  dates. 

The  new  version  adds  support 
for  RSA  Security’s  SecurlD  two- 
factor  authentication  to  secure 
access  to  a  network  before 
accessing  the  Sonicadmin  server, 
which  runs  on  a  Windows  server. 
The  Sonicadmin  server  supports 
Triple-DES  encryption  and  match¬ 
es  an  administrator’s  logon  with 
the  logon  on  the  target  network 
device  or  server  to  ensure  the  cor¬ 
rect  set  of  permissions  is  assigned 
to  the  user. 

Sonicadmin  3.0  also  supports 
VT-100  terminal  emulation  for 
network  devices  that  require 


more  than  a  command-line  inter¬ 
face  for  administration. 

Compression  technology  new 
with  Version  3.0  is  designed  to 
make  Sonicadmin  run  faster  over 
any  wireless  connection. 

Sonic  Mobility’s  software  com¬ 
petes  with  similar  offerings  from 
Expand  Beyond, Sessionware  and 
Allen  Systems  Group. 

Sonicadmin  3.0  starts  at  $2,500, 
which  includes  the  licenses  to 
manage  10  servers  and  10  net¬ 
work  devices.  The  software  is 
available  as  a  free  upgrade  for 
those  who  have  licensed  Win-  I 
dows  Server  2003  Mobile  Admin 
Pack,  which  is  based  on  the 
Sonicadmin  software.® 


www.nwfusion.comJ 
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■  OPERATING  SYSTEMS  B  NETWORKED  STORAGE 
fl  VOIP  B  WIRELESS  NETWORKS 


■  SMC  Networks  last  week  contin¬ 
ued  its  Gigabit  product  push  for  small 
and  midsize  networks  with  its  EZ 
Switch  10/100/1000M  bit/sec  boxes. 
Versions  of  the  switch  come  with  five 
or  eight  ports  of  triple-speed  Ethernet 
connections.  The  five-port  EZ  Switch 
costs  $130,  and  the  eight-port  costs 
$180.  SMC  also  announced  a  $30 
Gigabit-over-copper  network  interface 
card,  the  EZ  Card  1000.  The  NIC  sup¬ 
ports  32-bit  PCI  server  and  PC  hard¬ 
ware,  and  will  be  available  next  month. 

■  Maxxan  this  week  will  announce  its 
intelligent  multi-protocol  Fibre  Chan¬ 
nel  switch.  The  MXV320  has  as  many 
as  320  ports  that  can  be  configured 
for  Fibre  Channel,  Gigabit  Ethernet  or 
Fibre  Channel  over  IP  connectivity. 

The  iSCSI  protocol  will  be  supported 
in  the  future,  the  company  says.  Line 
cards,  which  run  applications  such  as 
FalconStor's  IPStor  virtualization, 
snapshot  backup  and  replication  soft¬ 
ware  or  Veritas  Software  NetBackup, 
can  be  added.  The  company  also  is 
shipping  the  SAIOOf,  an  appliance  that 
could  be  placed  in  a  remote  office  for 
replicating  data  to  the  data  center, 
backup  and  recovery,  and  virtualiza¬ 
tion.  The  MXV320  with  64  Fibre 
Channel  ports  and  two  application  line 
cards  is  $167,900.  The  SAIOOf  with 
replication  capability  is  $37,500. 

■  Raritan  Computer  says  it  has  the 

answer  for  companies  tired  of  send¬ 
ing  IT  staff  to  remote  locations  to 
manage  hardware.  A  new  product, 
called  Dominion  KSX,  integrates 
KVM,  serial  and  power  control  with 
IP  access  technologies  to  let  cus¬ 
tomers  manage  equipment  such  as 
servers,  switches,  routers,  PBXs  and 
power  strips  via  a  Web  browser. 

Users  log  on  to  the  Web-based  con¬ 
sole  using  single  sign-on  to  get  a 
real-time  graphical  view  of  all  the  IT 
equipment  connected  to  the  KSX, 
and  then  can  troubleshoot,  configure 
and  maintain  the  hardware.  The  sin¬ 
gle-box  appliance  starts  at  $3,400  for 
the  KSX440,  which  has  four  KVM 
ports,  four  serial  ports  and  one 
power  control  port. 


Backup  as  a  way  of  life 

Lifeline  Systems  must  be  there  when  you’ve  fallen  and  can’t  get 

■  BY  TIM  GREENE 


up. 


Department  of  Redundancy  Department 

Lifeline’s  call  centers  must  be  working  at  all  times  in  order  to  provide 
emergency  services  to  its  customers,  so  its  two  call  centers  are  designed 
for  resiliency. 

I  AT&T  POP 
Cambridge,  Mass. 


Links  to  two  AT&T  points  of 
presence  protect  incoming 
emergency  calls  from  being 
lost  if  one  POP  goes  down. 


Lifeline  primary  site 
Framingham,  Mass. 


Lifeline  back-up  site 
Framingham,  Mass. 

K 


AT&T  POP 


A  private  fiber-optic  link  provides  a 
channel  for  backing  up  data  and  an 
alternate  route  for  voice  traffic. 

•  SONET  ring 


SONET  technology  has  built-in  recovery  features. 


I&aiJ 


Verizon  switching  office 


HP  eases  management  of 
storage  tape  libraries 


FRAMINGHAM,  MASS.  —  At  Lifeline 
Systems,  everything  must  have  a  backup 
because  the  company  can’t  tolerate  inter¬ 
ruptions  to  its  daily  business:  fielding  tens 
of  thousands  of  help  calls  from  cus¬ 
tomers  who  are  in  potentially  life-threat¬ 
ening  situations. 

That’s  why  last  fall  when  the  emergency- 
call-response  firm  needed  more  room,  it 
chose  to  open  a  separate  facility  that 
would  give  it  the  space  it  needed  but  also 
act  as  a  fully  functional  stand-alone 
call/data  center.  If  catastrophe  were  to 
strike  the  primary  facility,  the  second  one 
could  keep  the  business  going.  “We  can 
never  have  a  call  abandoned,”  says 
Lifeline’s  CIO  Richard  Reich.  His  staff  de¬ 
signed  and  implemented  its  plan  that 
went  live  earlier  this  summer 

Lifeline,  the  “I’ve  fallen  and  1  can’t  get 
up”  company,  has  340,000  customers  who 
wear  Lifeline  pendants  or  bracelets  with 
buttons  to  push  in  emergencies.  These 
devices  send  312M  Hz  wireless  prompts 
to  other  Lifeline  devices  in  customer 
homes  called  communicators.These  look 
and  act  like  speaker  phones  and,  when 
triggered,  dial  Lifeline’s  call  center  in 
Framingham. 

At  the  call  center,  receiver  devices  deter¬ 
mine  within  seconds  whether  the  unit 
went  off  by  itself  because  its  battery  was 
low  or  because  somebody  pushed  the 
emergency  button.  If  the  latter,  the  call  is 
placed  briefly  in  a  queue  while  a  record 
containing  that  customer’s  information  is 
drawn  from  a  database. 

The  communicator  also  relays  its  unique 
ID  number  that  is  used  to  tap  Lifeline’s 
Oracle  database  for  details  about  the  cus¬ 
tomer  associated  with  the  unit.  This  infor¬ 
mation  includes  the  customer’s  name, 
address,  phone  number,  names  and  phone 
numbers  of  responders  (friends,  neigh¬ 
bors,  relatives),  and  the  phone  numbers  of 
local  emergency  services.  It  also  lists  physi¬ 
cians  and  other  people  to  notify  in  case  of 
an  emergency  if  those  people  are  not 
among  the  responders. 

Genesys  Telecommunications  Labs  com¬ 
puter-telephony  integration  software  from 
Siemens  gathers  this  information  from  the 
database  and  displays  it  on  call  agents’ 
workstations  when  they  pick  up  calls. 

Lifeline  always  has  wanted  to  make  sure 
See  Lifeline,  page  20 


■  BY  DENI  CONNOR 

HP  is  embedding  technology  in  its  stor¬ 
age  tap  libraries  that  should  help  users 
manage  the  migration  and  movement  of 
data  more  easily,  the  company  says. 

HP  recently  announced  the  Storage- 
Works  Extended  Tape  Library  Arch¬ 
itecture,  which  consists  of  an  integrated 
E2400-160  FC  Interface  Controller  that 
links  tape  drives  to  storage-area  networks 
(SAN),  and  an  Interface  Manager,  which 
contains  software  that  can  be  used  to 
monitor  the  health  of  the  library  The 
Interface  Manager  card  in  each  controller 
communicates  with  HP’s  CommandView 
management  console,  which  can  gather 
information  about  the  health  of  the 
library  configure  the  device  and  optimize 
its  performance. 

With  this  technology  and  with  a  con¬ 
troller  in  front  of  a  library  of  tape  drives, 
the  company  can  install  applications  on 
the  controller  that  make  libraries  easier  to 
manage,  control  and  migrate  data  to. 
Competitors  such  as  AD1C  and  Quantum 


say  they  already  have  similar  technology 
in  place. 

Unlike  disk  drives,  which  attach  to  the 
SAN  via  a  controller  interface,  tape 
libraries  typically  attach  directly  through 
Fibre  Channel  connections  or  a  SCSI-to- 
Fibre  Channel  router  to  SAN  switches. 
When  attached  in  this  fashion,  users  rely 
on  separate  software  to  monitor  the 
health,  performance  and  other  features  of 
the  tape  drives.  In  some  cases,  applica¬ 
tions  such  as  replication,  serverless  back¬ 
up  and  virtualization  have  resided  on  sep¬ 
arate  host  computers.  Those  characteris¬ 
tics  now  are  coming  to  tape,  HP  says. 

Companies  with  mainframes  are  familiar 
with  intelligent  storage  controllers.  IBM 
and  StorageTek  have  implemented  them  in 
their  Virtual  Tape  System  and  Virtual 
Storage  Manager,  in  which  a  controller-type 
device  is  placed  in  front  of  several  libraries 
and  distributes  and  migrates  data  to  the 
tape  device  transparently  to  the  back-up 
application.  Several  other  companies, 
including  Computer  Associates  and 

See  HP,  page  20 
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Ethernet  NICs:  Are  they  really  a  commodity? 


NetworkWorld  8/18/03 


At  Circuit  City  last  week,  a  glance  to 
one  side  stopped  me  dead  in  my 
tracks  —  it  was  a  Fast  Ethernet  PCI 
network  interface  card  for  $4  and  change. 
When  a  LAN  interface  costs  about  the 
same  as  a  combo  meal  at  Wendy’s,  you 
have  to  wonder  —  is  the  NIC  just  a  faceless, 
nameless  commodity? 

Like  pork  bellies,  soybeans,  wheat  and 
light  crude,  is  buying  NICs  all  just  about  vol¬ 
ume  and  price?  And,  with  more  and  more 
PC  and  notebook  vendors  using  integrated 
“LAN  on  Motherboard"  approaches,  you’ve 
got  to  ask  yourself  whether  there  is  even  a 
point  in  being  concerned  about  the  differ¬ 
ences.  Is  anyone  really  going  to  change  his 
PC  preference  because  of  the  LAN  inter¬ 


face?  Not  likely 

Still,  there  are  significant  differences 
among  NICs.  And,  while  these  differences 
might  mean  little  to  home  consumers,  they 
can  have  a  big  impact  on  overall  manage¬ 
ability  and  total  cost  of  ownership  in  cor¬ 
porations. 

A  search  of  network  gear  supplier  CDW’s 
Web  site  shows  that  Fast  Ethernet  PCI  NICs 
can  be  had  for  as  low  as  $1 1  (Linksys)  and 
upwards  of  $70  (Intel)  —  with  Fast  Ethernet 
server  adapters  in  the  $80  to  $100  range 
(more,  typically  if  outfitted  with  a  fiber-optic 
interface).  So  what  are  the  differences? 

A  set  of  features  important  to  both  client 
and  server  NICs  is  “manageability’  It’s  not 
hard  to  find  NICs  that  label  themselves 
“managed,”  but  it  is  often  a  challenge  to 
determine  what  exactly  vendors  mean  by 
it.  It  would  seem  that  some  of  them  define 
managed  as  being  “not  NOT  managed.” 
That  is,  once  they  implement  any  function 
that  can  be  construed  as  letting  some  ele¬ 
ment  of  the  NIC  be  managed  (like  assign¬ 


ing  a  locally  administered  address),  voila 
—  they  have  a  managed  NIC. 

But  really,  it  means  having  features  like 
“Wake  on  LAN”  (WoL)  or  support  of  the 
pre-execution  environment  (PXE).WoL  lets 
the  NIC  trigger  a  system  boot  on  receipt  of 
a  specific  packet.  PXE  allows  for  special 
management  software  to  load  and  execute 
before  the  Windows  boot  loader  gets  con¬ 
trol  of  the  CPU. 

Less  esoteric  and  more  useful  on  a  day- 
to-day  basis  are  management  features  that 
help  isolate  and  debug  connectivity  prob¬ 
lems.  While  many  of  these  functions  are 
available  via  arcane  command-line  inter¬ 
faces,  having  them  easily  accessible  via  a 
GUI  will  simplify  the  job  for  the  help  desk 
and  let  some  users  fix  their  own  problems. 

Vital  signs  are  essential.  These  displays 
tell  the  user  about  the  addressing  and 
operational  status  of  the  NIC.  If  the  NIC 
doesn’t  have  an  IP  address,  for  example, 
you  often  need  to  look  no  further  to  solve 
your  problem.  Features  that  allow  “loop¬ 


back”  at  Layer  2  and  Layer  3  (i.e.,“ping”) 
also  can  come  in  handy. 

Server  adapters  offer  up  an  even  broader 
array  of  options  based,  unsurprisingly, 
around  performance. 

The  more  subtle  performance  features, 
though,  are  destined  to  help  as  well  — 
and  here  it  is  all  about  “offload."  Even 
“commodity-class”  server  NICs  are  offer¬ 
ing  some  basic  offload  of  checksum  cal¬ 
culation,  TCP  segmentation,  IPSec  termi¬ 
nation  and  the  like.  Formal  and  informal 
testing  of  these  features  by  The  Tolly 
Group  have  shown  that  these  translate 
into  demonstrable  benefits  especially 
when  pushing  through  Fast  Ethernet  to 
Gigabit  Ethernet  levels. 

So  for  enterprise  nets,  don’t  be  lulled  into 
thinking  that  all  NICs  are  created  equal. 

Tolly  is  president  of  The  Tolly  Group,  a  stra¬ 
tegic  consulting  and  independent  testing 
company  in  Manasquan,  N.J.  He  can  be 
reached  at  ktolly@tolly.com. 


Lifeline 

continued  from  page  19 

its  phone  system  was  as  redundant  as  pos¬ 
sible,  Reich  says,  so  it  had  Verizon  install  a 
private  SONET  ring  between  its  original 
100-seat  call  center  at  headquarters,  and 
Verizon’s  local  central  office.  SONET’s 
built-in  redundancy  leaves  phone  service 
uninterrupted  if  the  SONET  ring  is  cut. 

The  ring  also  is  connected  to  the  local 
point  of  presence  for  AT&T  using  eight  T-ls 
worth  of  bandwidth.  AT&T  supplies 
Lifeline’s  long-distance  and  800  number 
service  and  backs  up  local  phone  service 
if  the  Verizon  central  office  fails. 

When  it  added  the  second  62-seat  call 
center  a  quarter-mile  away  from  the  first, 
Lifeline  wanted  to  increase  redundancy  in 
its  telecom  infrastructure. 

So  it  connected  the  new  building  to  the 
local  Verizon  switching  office  via  aT-1  and 
to  an  AT&T  POP  about  20  miles  away  in 
Cambridge  via  four  T-ls.  Finally,  Lifeline 
dug  a  trench  and  installed  48  strands  of 
optical  fiber  directly  between  the  two 
Lifeline  facilities  that  connect  their  phone 
and  data  systems  (see  diagram). 

To  make  best  use  of  the  two  call  centers, 
Lifeline  is  signing  up  for  an  AT&T  service 
that  allocates  a  certain  percentage  of  calls 
to  one  center  and  the  rest  to  the  other. 
Lifeline  would  have  control  over  those  per¬ 
centages  and  could  adjust  them  at  will  via 
a  Web  interface  or  by  phone,  Reich  says. 

The  facilities  even  have  freezers  storing 
food  to  feed  the  staff  in  an  emergency,  unin- 
terruptable  power  supplies  and  diesel-pow¬ 
ered  back-up  electrical  generators.  Fbrtable 
generators  can  be  trucked  in  and  connect¬ 
ed  should  the  backups  fail, and  lifeline  has 
priority  contracts  with  fuel  suppliers  so  the 
backups  could  run  indefinitely 

Inside  the  centers,  Lifeline  has  installed 
redundant  voice  and  data  systems.  Each 
has  its  own  Avaya  PBX,  Lifeline  receiver 


devices  and  workstations.  Business  work¬ 
stations  are  designed  to  convert  quickly 
to  call-center  workstations  in  emergen¬ 
cies.  They  each  also  have  primary  and 
back-up  computer-telephony  integration 
databases  and  servers;  in-house  Care- 
System  databases  and  servers;  and 
archive  databases. 

The  databases  are  replicated  across  the 
private  fiber  connection,  and  if  the  fiber 
were  cut,  the  call  centers  could  continue 
to  operate  independently  until  the  break 
was  fixed,  says  Bill  Rebello,  director  of 
infrastructure  and  support  for  Lifeline. 

The  company  has  two  T-ls  for  Internet 
access  at  the  main  office  and  one  at  the 
backup  for  redundancy  The  company  is 
getting  ready  to  bond  the  three  together 


HP 
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Fujitsu-Softek,  have  implemented  virtual 
tape  systems  in  software. 

The  StorageWorks  Extended  Tape 
Library  Architecture  automates  and  veri¬ 
fies  configurations,  avoids  network  colli¬ 
sions  that  could  disrupt  backup,  and 
detects  and  tracks  SAN  errors.  In  the 
future,  HP  says  it  will  be  able  to  decide 
which  tape  drive  to  archive  data  to,  parti¬ 
tion  drives  and  determine  whether  data 
should  be  migrated  to  disk  rather  than 
tape.  HP  says  it  plans  to  include  virtualiza¬ 
tion  software  capability,  which  aggregates 
multiple  libraries  into  one  virtual  pool  so 
data  can  be  migrated  and  archived  more 
easily.  In  the  event  of  a  drive  failure,  an¬ 
other  tape  drive  could  be  substituted  for 
the  failed  drive  without  the  back-up  appli¬ 
cation  being  aware. 

“We  see  this  setting  the  stage  for  infor¬ 
mation  life-cycle  management,”  says  Rick 
Luttrall,  director  of  near-line  product  mar¬ 
keting  for  HP's  Network  Storage  division. 


into  a  single  logical  link  as  it  considers  a 
peer-to-peer  VPN  for  its  seven  regional 
offices.  Each  regional  office  connects  to 
the  Internet  via  T-l  and  has  a  Cisco  VPN- 
enabled  router.  VPN  links  are  terminated 
at  the  main  site  in  Framingham  on  a  PIX 
VPN  firewall,  and  there  is  a  redundant  PIX 
at  the  second  building.  Before  the  second 
site  went  live,  there  were  two  PIX  firewalls 
at  the  main  site. 

The  regional  offices  have  conventional 
phone  systems  for  handling  customer  ser¬ 
vice  calls,  but  don’t  handle  emergency 
calls.  Business  data  flows  over  the  VPN  to 
headquarters,  and  Lifeline  is  experiment¬ 
ing  with  voice  over  IP  (VoIP)  on  the  VPN. 
Down  the  road,  the  company  may  consid¬ 
er  installing  IP  voice  servers  that  can  dis- 


“You  are  going  to  need  to  have  attribute- 
based  storage  or  hierarchical  storage 
management  where  you  store  the  things 
you  need  most  quickly  on  disk  and  the 
data  you  may  only  need  once  a  year  on 
tape.  It’s  still  accessible  regardless  of 
where  it  sits  in  the  hierarchy’ 

HP  is  not  the  first  to  take  advantage  of 
placing  applications  on  tape  con¬ 
trollers.  ADIC,  which  introduced  its 
Scalar  i2000  library  in  March,  also  uses 
an  intelligent  controller  to  interface  its 
box  with  Fibre  Channel  switches.  Like 
HP’s  technology,  this  lets  users  migrate  to 
faster  Fibre  Channel  SANs  without 
changing  the  individual  tape  drives  in 
the  array. 

ADIC’s  Scalar  i2000  integrates  back-up 
management  functions,  including  native 
partitioning  of  one  library  into  multiple 
logical  libraries,  mixed  media,  Fibre 
Channel  connectivity,  performance  moni¬ 
toring,  system  health  and  readiness 
checks,  diagnostics  and  policy-based 
user  alerts. 

Quantum-ATL’s  FC470  Fibre  Channel 


tribute  IP  phone  calls  among  any  of  the 
sites  making  it  possible  for  any  of  the 
regional  sites  to  function  as  call  centers  in 
an  emergency,  Reich  says.  Another  poten¬ 
tial  benefit  of  VoIP  is  easier  voice  and  data 
management  because  the  network  would 
be  all-IP 

The  company  is  already  into  storing 
voice  digitally,  using  software  from  Verint. 
Specific  calls’  .wav  files  can  be  retrieved 
by  searching  on  time  and  customer  name, 
rather  than  searching  through  tapes. 

If  Lifeline  decides  to  move  toward  VoIRit 
would  hire  one  service  provider  to  handle 
all  Internet  connections.That  way  the  com¬ 
pany  could  negotiate  more  service-level 
agreements  geared  toward  supporting 
high-quality  voice,  Rebello  says.  ■ 


router  also  monitors  health  information  of 
the  library  and  performs  partitioning  and 
serverless  backup. 

“The  tape  library  has  been  the  last 
place  where  vendors  have  innovated 
with  respect  to  enabling  the  networking 
of  tape  products,”  says  Peter  Gerr,  senior 
analyst  at  Enterprise  Storage  Group. 
“From  a  tactical  standpoint  it  allows 
users  to  consider  the  tape  aspects  of 
their  environments  along  with  the  disk 
solutions,  which  is  a  good  thing  for  the 
management  of  tape." 

The  interface  controller  for  HP’s  Stor¬ 
ageWorks  Extended  Tape  Library  archi¬ 
tecture  costs  $13,000.  It  also  is  incorpo¬ 
rated  into  the  HP  ESL9000  Extended 
Library.  The  separate  Interface  Manager 
card  is  expected  to  be  available  next 
month  for  $2,000.  ■ 


Storage 
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Special  Focus:  videoconferencing 

Simplicity  key  to  videoconferencing  success 


” - \ 

Tips  for  successful  videoconferencing 

• 

Plan  ahead:  How  will  the  technology  be  used  and  what  network  systems  need 
to  be  in  place  to  support  it  (i.e.  addressing  and  QoS  schemes)? 

• 

Know  what  you’re  buying:  What  are  the  product's  limitations?  Do  you  have 
the  latest  software  versions? 

• 

Beware  of  poor  resellers/  consultants:Those  who  promise  the  world  can 
deliver  systems  more  complex  than  needed,  and  hamper  productivity. 

• 

End  users:  Get  them  involved  early  in  the  testing  and  get  feedback. 

• 

Just  another  tool:  Make  the  technology  as  transparent  as  possible  so  users 

v _ 

feel  like  they’re  in  a  meeting  and  not  onTV. 

■  BY  JASON  MESERVE 

Videoconferencing  technology  is  gaining 
popularity  for  specific  applications  such  as 
distance  learning,  corporate  communica¬ 
tions  and  group  meetings. 

Schoolchildren  in  rural  Oklahoma  are 
taking  virtual  tours  to  the  Baseball  Hall  of 
Fame  in  Cooperstown,  N.Y,  and  the  Mote 
Marine  Laboratory  in  Sarasota,  Fla.  Bristol- 
Myers  Squibb  is  conducting  company-wide 
meetings  at  a  savings  of  $14,000  per  meet¬ 
ing.  Consultants  at  Manhattan  Associates 
are  using  videoconferencing  to  meet  with 
multiple  clients  in  one  day  with  the  added 
benefit  of  travel  cost  savings. 

At  the  Howe  Public  Schools  near  the 
Arkansas  border  in  southeastern  Okla¬ 
homa,  videoconferencing  was  brought  in 
to  help  expand  the  curriculum  in  the  dis¬ 
trict,  but  ended  up  having  the  opposite 
effect.  “We  wanted  to  bring  classes  in,  but 


■  BMC  Software  has  extended  sup¬ 
port  for  many  versions  of  Linux  to 
several  of  its  systems  and  database 
management  products.  For  example, 
BMC  has  added  support  for  Red 
Hat's  Enterprise  Linux  2.1  and  SuSE 
Linux's  Linux  Enterprise  Server  8  to 
several  of  its  products,  including 
Deployment  Manager  for  Linux 
Version  1.2,  and  its  SmartDBA 
cross-platform  database  manage¬ 
ment  tools.  The  new  version  of 
Deployment  Manager  lets  adminis¬ 
trators  manage  thousands  of  dissim¬ 
ilar  Linux  systems  from  a  central 
location. 

The  tool  supports  in-house  Linux 
applications  and  disk  sharing  for 
IBM's  Virtual  Memory  operating  sys¬ 
tem,  BMC  says.  The  company  has 
expanded  its  product  family  for  man¬ 
aging  mixed  database  environments 
with  the  addition  of  performance- 
monitoring  tools  for  Sybase  and 
SOL  Server  databases.  The  Smart¬ 
DBA  products  for  Sybase  and  SOL 
Server  and  the  Linux  products  are 
available  now. 


we  ended  up  hiring  teachers  and  do  class¬ 
es  out  nowf  says  Lance  Ford,  technology 
coordinator  for  Howe  and  a  neighboring 
district. Video  is  used  to  offer  classes  such 
as  video  production  (taught  by  Ford)  and 
Spanish  to  other  area  schools,  with  the 
remote  school  picking  up  part  of  the  full¬ 
time  teacher’s  salary“Plus,  we  take  our  kids 
all  over  the  country  on  virtual  field  trips.” 

Howe  has  about  a  dozen  IP-based 
(H.323)  videoconferencing  units,  ranging 
from  a  Polycom  ViaVideo  desktop  device 
all  the  way  up  to  a  $30,000  Tandberg  6000 
room  system  with  big-screen  plasma  dis¬ 
plays  and  document  cameras.  A  16-port 
Tandberg  multi-point  control  unit  (MCU) 
and  eight-port  Accord  (now  Polycom) 
bridge  help  connect  the  district  to  the  out¬ 
side  world  via  the  state’s  OneNet  ISP  a 
lOOM-bit  network  with  four  points  of  pres¬ 
ence  to  the  outside  world  and  a  Gigapop 
link  to  the  lnternet2  network.  The  district 
runs  a  Cisco-based  LAN  with  video  run¬ 
ning  separately  from  the  data  network, 
which  helps  simplify  administration. 

“I  could  have  done  priority  packet  rout¬ 
ing  with  the  Cisco  [equipment], but  I  didn’t 


■  BY  DENISE  DUBIE 

Keynote  next  month  plans  to  unveil  a  ser¬ 
vice  the  company  says  will  help  corporate 
customers  monitor  Web  site  response 
times  and  pinpoint  the  source  of  perform¬ 
ance  problems. 

Keynote’s  Project  Firefly  is  a  customized 
Web  management  portal,  or  dashboard, 
from  which  Keynote  customers  can  view 
measurements  of  Web  site  performance  in 
real  time.  Keynote  expects  to  begin  beta¬ 
testing  the  service  with  customers  in 
September. 

The  company  maintains  more  than  100 
points  of  presence  in  major  metropolitan 
areas  around  the  world  and  uses  1,500 
computers  to  simulate  and  send  real,  end- 
user  traffic  to  customer  Web  sites.  The 
company  measures  how  the  Web  site  re¬ 
sponds  to  high  traffic  volumes  and  hits 
from  different  geographic  locations,  and 
tracks  how  long  a  site  takes  to  load  con¬ 
tent  and  images. 

With  this  service,  Keynote  says  it  can  re¬ 


want  to  question  it,”  Ford  says  of  creating 
two  LANs.  “I  wanted  to  know  the  through¬ 
put  on  the  video  side  and  vice  versa.” 

Ford  says  training  is  one  key  to  success  in 
getting  dyed-in-the-wool  teachers  to  use 
the  newer  technology  as  well  as  making  it 
as  transparent  as  possible. 

“One  thing  we  do  in  the  distance-learn¬ 
ing  classrooms  is  use  a  locator  mat,  so 
when  you  step  on  it,  the  camera  will  focus 


late  performance  measurements  back  to 
the  network  and  systems  that  support 
them.The  service  also  can  identify  whether 
an  ISP  is  responsible  for  the  performance 
issues.  Customers  using  the  Firefly  service 
can  perform  diagnostics  through  the  dash¬ 
board  by  clicking  on  highlighted  problem 
areas  (see  graphic,  page  22).  The  service 
will  provide  companies  with  a  view  of  Web 
site  metrics  such  as  packet  loss,  availability 
based  on  location  and  network  latency 

Jean-Pierre  Garbani,  a  research  director 
with  Giga  Research  at  Forrester, says  the  ser¬ 
vice  could  help  enterprise  network  man¬ 
agers  extend  in-depth  network  and  systems 
monitoring  outside  their  corporate  fire¬ 
walls.  Data  collected  by  Keynote  can  be 
sent  to  management  consoles  from  HP1BM 
and  Computer  Associates,  and  Garbani 
says  most  large  management  vendors 
don’t  offer  the  external  view  of  Web  site 
performance  on  their  own. 

"The  service  provides  operational  per¬ 
formance  indicators.  It’s  not  just  measuring 
how  successful  a  Web  site  is  in  marketing 


on  your  location,”  Ford  says.“Before,we  had 
to  focus  the  camera  on  the  teacher’s  shirt  or 
something,  and  it  didn’t  work  out  as  well.” 

To  help  simplify  making  a  call,  particu¬ 
larly  to  the  outside  world,  Manhattan  Asso¬ 
ciates,  a  supply-chain  management  sys¬ 
tems  consultancy  in  Atlanta,  uses  Pbly- 
com’s  MGC-50  gateway  and  Path  Navigator 
software.  “Before,  users  had  to  enter  a 
See  Videoconferencing,  page  22 


terms,”  he  says.  “Enterprises  need  to  know 
how  their  site  works  from  the  outside,  and 
Keynote  is  tying  that  performance  back 
into  infrastructure  management.” 

Keynote,  along  with  its  competitor 
Gomez,  made  its  start  providing  perform¬ 
ance  benchmarking  services  to  corpora¬ 
tions.  With  this  and  other  recent  service 
offerings,  Keynote  has  delved  deeper  into 
troubleshooting,  diagnosing  and  finding 
the  cause  of  slowdowns  and  failures. 
Companies  such  as  Mercury  Interactive 
and  BMC,  with  its  recently  released  Patrol 
Express  3.0,  also  offer  products  and  ser¬ 
vices  that  monitor  performance  from  an 
end-user  perspective. 

Keynote  hosts  the  measurement  software 
and  configures  it  to  collect  performance 
statistics  from  customer  Web  sites,  and  it 
correlates  and  analyzes  the  data.  The  data 
is  then  fed  to  a  Web  portal,  which  generates 
reports  for  customers. 

To  use  Firefly,  enterprise  business  and 
network  managers  can  log  on  to  their 
See  Keynote,  page  22 


Keynote  offers  Web  site  mgmt.  service 

Company’s  Firefly  offering  aims  to  improve  site  performance. 


Enterprise  Applications 


The  U.S.  is  beginning  to  catch  up  with 
much  of  the  rest  of  the  developed 
world  when  it  comes  to  the  preva¬ 
lence  of  mobile  phones,  but  the  rest  of  the 
world  is  not  standing  still. 

Only  a  voyeur  would  look  forward  with 
any  pleasure  to  the  constant  inescapable 
one-ended  babble  of  people  exposing  their 
personal  or  business  underwear  in  public. 
But  1  expect  there’s  a  group  of  businesses 
that  look  forward  to  that  future  with  even 
more  disquiet  than  I  do,  and  those  are  the 
companies  whose  business  plans  depend 
on  the  continued  value  of  buried  and  sus¬ 


pended  copper. 

Projections  by  In-Stat/MDR  and  Nokia,  the 
Finnish  handset  maker, are  that  there  will  be 
between  1.6  billion  and  2  billion  cell 
phones  in  use  within  the  next  five  years. 
That’s  a  lot  of  interrupted  concerts,  meals 
and  meetings! 

The  International  Telecommunication 
Union  estimates  that  more  than  40%  of  the 
phones  in  the  U.S.  are  cell  phones.  This  is 
far  lower  than  in  some  other  countries  but 
impressive  considering  the  relative  high 
cost  of  cell  phone  service  in  the  U.S. 

But, as  noted  by  Network  World  columnist 
Keith  Shaw  in  June  (www.nwfusion.com, 
DocFinder:  7232), almost  half  of  U.S.  phone 
users  would  drop  their  dependence  on 
their  landline  phones  and  switch  entirely 
to  the  cell  phone  if  the  price  was  right. 
According  to  CNN,  7.5  million  people  have 
already  gone  cell-only  and  the  number  of 


landline  phones  in  the  U.S.  has  dropped  by 
more  than  5  million  in  the  past  three  years. 

For  people  considering  going  wireless 
there  are  some  things  to  consider.  For  one, 
cellular  coverage  can  be  spotty 

But  the  most  important  difference,  other 
than  mobility,  between  landline  phones 
and  cellular  service  is  that  enhanced  911 
(e9 11)  currently  does  not  work  with  cell 
phones.  So  if  you  call  in  time  of  emergency 
the  rescue  folks  will  not  be  able  to  find  you 
unless  you  are  calm  enough  to  know 
where  you  are  and  can  tell  them. This  defi¬ 
ciency  is  expected  be  fixed  over  the  next 
few  years,  and  might  be  fixed  in  some 
places  already  but  unless  you  plan  to  never 
get  into  trouble,  keep  this  in  mind. 

There  is  something  else  that  another 
party  to  this  situation  must  keep  in  mind. 
Phone  companies  have  billions  of  dollars 
worth  of  copper  wire  in  the  ground  and  on 
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poles.  The  primary  purpose  of  these  wires 
is  now  eroding  and  eroding  the  revenue  of 
those  phone  companies  that  do  not  have  a 
significant  cellular  infrastructure. So  far  the 
erosion  isn’t  significant,  but  the  handwrit¬ 
ing  is  on  the  wall. 

The  phone  companies  can  provide 
Internet  and  video  services  through  their 
lines,  but  losing  the  voice  business  is 
going  to  have  a  very  negative  effect  on 
their  financial  health.You  and  I  might  not 
cry  over  this  (their  employees  will),  but  I 
fear  that  the  FCC  might  try  to  “help”  them 
at  our  expense  —  and  beware  the  help¬ 
ing  hand  of  regulators. 

Disclaimer:  Some  are  fearful  of  Harvard’s 
“help,”  but  it  did  not  help  with  this  column. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 


Videoconferencing 

continued  from  page  21 

[special]  key  to  get  the  ISDN  call 
to  work,  now  that  they’re  going 
through  the  bridge,  and  just  dial 
the  phone  number  on  the  other 
end,”  says  Chip  Owens,  senior 
telecommunications  analyst  with 
the  company. “There’s  no  features 
or  codes  that  a  user  has  to 
painstakingly  figure  out." 

Videoconferencing  helps  con¬ 
nect  Manhattan’s  consultants  with 
clients  and  lets  senior  executives 
around  the  globe  have  meetings 
without  traveling.  IP  is  used  for 
video  calls  on  the  internal  net¬ 
work  with  ISDN  providing  the 
connection  to  the  outside  world, 
says  John  Drummond,  systems 
operations  manager. 

Before  rolling  out  any  technol¬ 
ogy,  Manhattan  makes  sure  all 
features,  software  versions  and 
network  connections  work  as 
advertised.  Potential  videocon¬ 
ferencing  customers  should  be 
wary  of  integrators  that  sell  you 
the  world  but  might  not  have 
your  best  interests  in  mind. 
Drummond  and  Owen  ended  up 
getting  rid  of  an  integrator  that 
did  not  meet  expectations. 

“A  lot  of  integrators  do  a  disser¬ 
vice  to  the  industry?’  says  Phil  Go, 
CIO  of  Barton  Malow,  a  design 
and  construction  firm  in  South- 
field,  Mich.  “They  try  to  package, 
customize  and  do  a  lot  of  ad  hoc 
things  that  don’t  add  much  value 
to  the  unit.  It  really  takes  away 
from  the  unit  and  makes  it  more 
complex.” 

Go,  who  manages  three  Fbly- 
com  group  systems  used  mainly 
for  internal  communications 
among  Barton  Malow's  offices 
around  the  country,  says  cus¬ 


tomers  should  get  to  know  inte¬ 
grators  and  vendors  well  before 
making  a  purchase. 

For  the  Energy  Sciences  Net¬ 
work  (ESNet),the  ISP  run  by  Law¬ 
rence  Berkeley  Labs  (LBL)  under 
contract  from  the  U.S.  Department 
of  Energy  planning  and  working 
with  vendors  on  integration  are 
big  keys  to  success  for  managing 
a  network  with  more  than  1,000 
registered  endpoints  and  support¬ 
ed  by  one  full-time  employee  and 
a  part-timer. 

While  the  network  has  plenty  of 
bandwidth  —  it  has  OC-192  and 


test  member  replied,  “When  we 
call  into  the  bridge,  can  you  have 
Cartman  [a  brash-talking  charac¬ 
ter  from  Comedy  Central’s  ani¬ 
mated  series ‘South  Park’]  handle 
the  voice  prompts?” 

How  much  involvement  there  is 
in  supporting  a  video  call  from 
the  technical  side  can  depend  on 
the  type  of  meeting  taking  place. 
For  smaller  meetings,  an  easy-to- 
dial  system  that  does  not  require 
technical  support  might  be  more 
appropriate. 

At  Manhattan,  a  relatively  hands- 


off  approach  is  more  important, 
where  use  of  the  main  videocon¬ 
ferencing  unit  in  the  Atlanta 
office,  one  of  14  in  the  whole 
company  peaks  at  180  calls  per 
month. 

“Spread  that  [usage]  through 
the  year,  and  half  of  the  calls 
would  save  someone  airfare  to 
somewhere,”  Drummond  says. 
“That’s  big  money  that  adds  up.” 

On  the  opposite  end  of  the 
spectrum,  in  Bristol-Myers 
Squibb’s  executive  briefings  that 
encompass  from  five  to  80  sites 


around  the  globe  and  can 
include  hundreds  of  employees, 
high  touch  is  the  name  of  the 
game.  “We’re  marrying  tradition¬ 
al  video  production  with  other 
technologies,” says  David  Dough¬ 
erty,  supervisor  of  technical  pro¬ 
duction. 

Bristol-Myers  Squibb  spent 
approximately  $14,000  on  video 
production  services  for  each 
event  before  bringing  the  task  in- 
house.  Now  Dougherty  says  the 
company  saves  about  $346,000  in 
production  costs  annually.  ■ 


(XM8  links  making  up  its  back¬ 
bone  —  figuring  out  an  easy  way 
to  manage  every  registered  user  is 
a  challenge,  says  Mike  Pihlman, 
H.323  project  lead  at  LBL  and  the 
one  full-time  employee  dedicated 
to  the  videoconferencing  piece  of 
ESNet. 

Pihlman  worked  with  commer¬ 
cial  vendors  such  as  Radvision, 
Latitude  and  FVC  to  implement  a 
group  of  scheduling  and  reserva¬ 
tion  systems  where  needed  and 
making  the  modifications  neces¬ 
sary  to  work  in  the  ESNet  environ¬ 
ment.  For  instance,  with  most 
scheduled  video  calls  running 
through  an  MCU,  the  MCU  dials 
out  to  each  participant  to  set  up 
the  call. But  Pihlman’s  users  didn’t 
like  the  idea  and  wanted  to  be 
able  to  call  into  a  conference  at 
their  leisure.  Pihlman  worked  with 
his  vendors  to  make  the  neces¬ 
sary  changes  to  support  his  users’ 
wishes. 

User  feedback  can  be  impera¬ 
tive  to  any  application  implemen¬ 
tation,  and  videoconferencing  is 
no  exception.  When  the  pilot 
group  at  Manhattan  Associates 
was  asked  what  could  be  done  to 
make  conferencing  better,  one 


Keynote 

continued  from  page  21 

specified  Web  site  (provided  by  Keynote)  from  their 
desktop  with  a  user  ID  and  password.  A  set-up  wiz¬ 
ard  helps  customers  design  reports  that  will  show 
them  the  parameters  they  want  to  measure  and  set 
performance  thresholds. 


For  example,  a  user  could  monitor  the  perfor¬ 
mance  of  his  company’s  Web  site  from  specific 
cities.  And  a  network  operations  user  could  track 
packet  loss  and  image  loading  time  for  specific 
applications  and  images  on  the. Web  site. 

Keynote  has  yet  to  finalize  the  pricing  but  says  cus¬ 
tomers  could  pay  as  much  as  $10,000  for  the  initial 
setup  and  $5,000  per  month  for  the  service.  ■ 


Keeping  score 


Keynote’s  latest  service,  code-named  Project  Firefly,  will  let  business  and  network 
managers  see  how  their  Web  site,  and  all  its  components,  respond  to  hits  from 
various  locations. 


Business  and  network  (packet  loss 
and  backbones)  statistics  show  Web 
site  performance. 


Project  Firefly  measures  how  each 
component  of  Web  site  or  page  per¬ 
forms  from  loading  times  of  images 
and  content  delivery,  to  overall 
availability  of  the  page. 


Color-coded  boxes  indicate  perfor¬ 
mance  degradations  and  potential 
problems.  Managers  can  drill  down 
on  each  box  to  get  more  detailed 
performance  information. 
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■  Broadband  provider  New  Edge 
Networks  will  wholesale  DSL  ser¬ 
vice  from  DSLnet,  letting  New  Edge 
offer  service  in  the  mid-Atlantic  and 
Northeast  regions.  This  agreement 
augments  the  600  switching  offices 
from  which  New  Edge  can  support 
DSL  with  500  offices  supported  by 
DSL.net.  In  addition  to  Internet 
access  via  DSL,  New  Edge  sells 
frame  relay  service  over  DSL,  a  less- 
expensive  alternative  for  frame  cus¬ 
tomers  that  need  between  a  56K- 
bit/sec  link  and  aT-1  (1.544M  bit/sec) 
frame  connection. 

■  Equant  is  making  a  push  to  grab 
hosting  company  and  managed  ser¬ 
vice  provider  customers  that  might 
be  in  financial  trouble.  Called  Server 
Migration  Program,  the  effort 
promises  to  evaluate  customers’ 
needs  and  propose  Equant  services 
to  replace  those  provided  by  its  com¬ 
petitors.  Equant,  whose  network 
reaches  into  more  than  150  countries, 
says  it  will  focus  the  program  on 
companies  with  sites  in  many  coun¬ 
tries.  Equant  offers  managed 
servers,  security  and  messaging,  and 
a  range  of  consulting. 

■  Sorrento  Networks  last  week 
closed  the  acquisition  of  optical- 
access  vendor  LuxN.  Sorrento  had 
announced  its  plan  to  acquire  LuxN  in 
June.  LuxN  supplies  optical-access 
equipment  for  the  network  edge  using 
coarse  and  dense  wavelength  division 
multiplexing.  Sorrento  makes  optical 
products  for  metropolitan/regional 
network  applications.  The  LuxN  acqui¬ 
sition  adds  about  20  customers  to 
Sorrento’s  installed  base. 

■  Sprint  PCS  customers  now  can 
subscribe  to  a  package  of  multimedia 
content  delivered  to  their  cell  phones 

by  RealNetworks.  For  $4.95  per 
month,  subscribers  get  access  to 
news  and  information  from  media 
services  such  as  ABC  News,  CBS 
MarketWatch,  Fox  Sports,  National 
Public  Radio  and  The  Weather 
Channel,  in  addition  to  entertainment 
services. 


Nextel  to  offer  Wi-Fi  service 

Carrier  joining  RadioFrame  Networks  to  deliver  fully  managed  private  service. 


■  BY  DENISE  PAPPALARDO 

Nextel  is  teaming  with  RadioFrame 
Networks  to  offer  a  fully  managed,  in¬ 
building  wireless  LAN  service. 

The  planned  offering,  Integrated  iDEN/ 
WLAN,  lets  business  users  establish  not 
only  a  Wi-Fi  network  throughout  their 
building  or  campus,  but  also  lets  them 
improve  their  Nextel  service  coverage  in 
the  same  area. 

While  Nextel’s  competitors,  including 
Sprint  PCS  and  T-Mobile  have  been  tout¬ 
ing  public  Wi-Fi  offerings,  Nextel’s  first 
foray  into  Wi-Fi  is  focused  exclusively  on 
private  network  support. 

T-Mobile  probably  has  been  one  of  the 
most  active  Wi-Fi  supporters,  having  built 
out  2,300  public  hot  spots  since  last  year. 
Sprint  PCS  more  recently  jumped  into  the 
Wi-Fi  arena.  Last  month  the  company 
announced  that  it’s  building  2,100  public 
wireless  hot  spots  to  offer  wireless  service 
customers  access  to  the  Internet  and  their 
corporate  networks  while  at  airports,  con¬ 
vention  centers  and  hotels  across  the 
country. 

“The  Wi-Fi  service  market  is  still  in  its 
early  stages,”  says  Sarah  Kim,  an  analyst  at 
The  Yankee  Group.  Nextel  is  approaching 
the  market  from  a  private-service 
approach,  which  might  be  better  suited 
for  its  existing  customer  base,  she  says. 


Nextel  has  a  significant  number  of  users 
in  the  healthcare  and  construction  mar¬ 
kets,  which  both  seem  like  logical  markets 
for  users  of  a  WLAN  service  that  also 
increases  voice  service  support,  Kim  adds. 

Nextel’s  private  Wi-Fi  service  includes 
network  consultation  and  design  with  rep¬ 
resentatives  from  Nextel’s  Custom  Net¬ 
work  Solutions  division. Once  the  network 
design  is  established,  Nextel  deploys 
RadioFrame  Units  that  connect  directly  to 
existing  Category-5  LAN  cabling,  which 
many  customers  already  have  installed. 
This  lets  a  customer  leverage  existing 
infrastructure  while  upgrading  to  a  more 
flexible  Wi-Fi  network,  says  Ernie  Cormier, 
vice  president  of  business  solutions  at 
Nextel. 

Standard  wire-line  LAN  support  also  lets 
customers  link  Wi-Fi  users  to  existing  net¬ 
work  servers  and  Internet  access  connec¬ 
tivity  points. 

The  RadioFrame  Units  can  support  up  to 
seven  RadioBlades,  which  are  transceivers 
in  the  form  of  fat  cards,  4  inches  long  by  3 
inches  wide  and  about  a  half-inch  thick. 
While  RadioFrame  offers  several  types  of 
RadioBlades,  including  those  that  support 
3G  wireless  technologies  such  as  GSM, 
Nextel  is  deploying  802.11b  and  iDEN 
wireless  network  transceiver  RadioBlades. 

The  RadioFrame  Units  act  as  Wi-Fi 
access  points  to  the  user’s  private  WLAN 


Wi-Fi  from  Nextel 

Nextel’s  iDEN/WLAN  service  lets 
business  users  set  up  an  in¬ 
building  wireless  LAN  that’s  fully 
managed  by  the  carrier.  The 
service  price  is  based  on: 

•  Nextel  voice  and  data  service 
packages  the  users  adopt. 

•  Handheld  devices  deployed  to 
employees. 

•  Number  of  RadioFrame  WLAN 
devices  deployed  throughout  the 
network. 

•  Wireless  PBX  support. 

•  Network  maintenance,  monitoring 
and  upgrade  packages. 

•  Network  design,  installation  and 
consulting. 

•  Wireless  data  applications 
supported,  such  as  fleet  and 
inventory  management. 

network  and  an  access  point  to  Nextel’s 
public  wireless  network.  Nextel’s  national 
mobile  wireless  network  is  based  on 
Motorola’s  iDEN  technology 

See  Nextel,  page  25 


Sawis  touts  voice  mgmt  services 


■  BY  DENISE  PAPPALARDO 

Sawis  Communications  is  expected  to 
announce  a  wide-ranging  partnership 
with  AccessLine  Communications  this 
week  that  will  result  in  a  suite  of  new  host¬ 
ed  voice  services  for  customers  and 
increased  traffic  over  the  Sawis  back¬ 
bone. 

The  service  provider  is  teaming  with 
AccessLine  to  offer  its  suite  of  Voice 
Application  Services  to  Sawis’  managed 
service  business  customers.  The  services 
let  users  migrate  the  headache  of  manag¬ 
ing  a  voice  network  off-site  while  also 
upgrading  to  a  voice-over-IP  environment 
that  promises  more  flexibility,  according 
to  company  executives. 

The  offering  includes  hosted  Switched 


800  Service,  Conferencing  Service, 
Mobility  Teleworking,  Disaster  Recovery, 
Auto-attendant  and  IP  Voice  VPN. 

“We  wanted  to  offer  our  customers 
voice  services,  but  the  current  trend  of 
teaming  with  a  hardware  vendor  didn’t 
make  sense,” says  Rob  McCormick,  CEO  at 
Sawis.  With  these  services,  users  can 
upgrade  to  new  services  without  the  cost 
of  deploying  new  equipment,  he  says. 

The  services  are  hosted  off-site  on  gear 
developed  by  AccessLine  and  accessed 
either  through  the  traditional  public 
switched  telephone  network  or,  more  like¬ 
ly  with  most  new  customers,  over  Sawis' 
IP  backbone. 

Hosted  IP  voice  services  are  growing  in 
popularity.  This  year,  users  are  expected  to 
spend  $281  million  on  these  services, 


according  to  1DC,  and  by  2007  that  figure 
is  expected  to  jump  up  to  $2.8  billion,  the 
firm  predicts. 

Sawis  is  setting  up  a  “peer”  between  its 
network  and  AccessLine’s  network  infra¬ 
structure  so  new  Sawis  customers  will 
have  direct  access  to  AccessLine’s  hosting 
environment. 

AccessLine  plans  to  migrate  all  its  host¬ 
ing  gear  into  Sawis  facilities,  McCormick 
says.  While  there  is  not  a  specific 
timetable  as  to  when  the  cutover  will  be 
complete,  McCormick  says  he  expects  the 
transition  to  take  about  six  months. 

The  migration  lets  AccessLine  transfer  its 
existing  customers  an  IP  network,  while 
also  partnering  with  a  service  provider 
that’s  focused  on  high-quality  managed 
See  Sawis,  page  25 


Compare:  Dell/EMC  Storage  vs.  HP  Storage 

Dell/EMC  CX400 

HP/ EVA  3000 

DAS,  NAS  or  SAN 

Deployability 

NAS  or  SAN 

Fibre  Channel 
and  ATA 

Flexibility 

Fibre  Channel 

Only 

Up  to  13.4TB 

Scalability 

Up  to  8.2TB 

Up  to 

60  Storage  Pools 

Configurability 

Up  to 

16  Storage  Pools 

Features  as  of  6/16/03  and  are  subject  to  change. 

Dell  |  EMC  Storage  Solutions 

Large  or  small,  your  company  can  have  a  flexible  storage  solution  from  Dell.  As  you  can  see,  Dell  offers 

a  variety  of  solutions  that  give  you  the  flexibility  to  grow.  Complete  storage  solutions  -  including  software  and 
services  -  that  deliver  maximum  productivity  and  scalability. 

See  for  yourself  why  companies  from  small  business  to  the  Fortune  500  are  turning  to  Dell/EMC  SAN  solutions. 
Go  to  www.dell.com/SAN4  today  and  click  the  Storage  Consolidation  ROI  Analyst  Tool. 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


A  big  part  of  my  job  is  translating 
between  IT  professionals,  vendors 
and  venture  capitalists.  It  isn’t  as 
easy  as  it  sounds  because  they  often  use 
the  same  words  to  mean  different 
things. 

Take  the  concept  of  competition. To  ven¬ 
dors,  service  provide  and  venture  capital¬ 
ists,  a  “competitive"  product  very  often  is 
one  that  looks,  smells  and  feels  a  lot  like 
yours  —  it  relies  on  the  same  fundamental 
technologies  to  solve  the  same  sets  of 
problems.  Under  this  definition, Sprint  and 
AT&T  compete  with  each  other,  and  Cisco 
and  Juniper  compete  with  each  other,  but 
you  wouldn’t  say  that,  for  example,  Cisco 
competes  with  AT&T. 

IT  professionals  generally  use  a  differ¬ 
ent  definition.  To  them,  “competitive” 
products  are  different  approaches  to 
doing  the  thing  you  need  done.  For 
example,  if  you’re  trying  to  get  more 
bandwidth  to  a  remote  office,  you  might 
look  into  broadband  services.  You  also 
might  consider  buying  a  router  with 


SSL:  The  next-generation  VPN 


compression  or  prioritization  abilities 
that  can  help  you  do  more  with  less. 
Under  this  definition,  Cisco  and  AT&T 
do  compete,  because  your  choice  is 
between  buying  a  Cisco  box  and  more 
bandwidth  from  AT&T. 

Most  recently,  I’ve  run  up  against  this 
odd  dichotomy  of  perspective  when  it 
comes  to  SSL  vs.  IPSec.  Several  vendors  of 
IPSec  and  SSL  VPN  products  and  solu¬ 
tions  insist  that  their  offerings  “don’t  com- 
pete”with  the  other  guys.“Oh, we’re  IPSec, 
they’re  SSL,”  the  CEO  of  one  such  compa¬ 
ny  sniffed  at  me.  “They’re  very  different 
technologies.” 

True:  SSL  and  IPSec  are  different.  Or  as 
we  techies  like  to  say,  they’re  orthogonal. 

SSL  defines  a  secure,  encrypted  commu¬ 
nications  mechanism  between  applica¬ 
tions,  most  commonly  between  a  Web 
browser  and  server.  It’s  independent  of  the 
underlying  protocols  (particularly  IP). 
IPSec  provides  a  secure,  encrypted  com¬ 
munications  mechanism  at  the  IP  layer.  It’s 
independent  of  the  application,  meaning 
that  any  application  that  uses  IP  can  run 
across  it. 

However,  both  schemes  solve  the  same 
fundamental  business  problem:  manag¬ 
ing  and  controlling  third-party  access  to 
your  network,  applications  and  re¬ 
sources. 


So  I’m  with  the  IT  professionals  on  this 
one.  IPSec  and  SSL  do  compete.  More  to 
the  point,  SSL  is  gaining  real  traction  as  a 
VPN  service  offering.  For  example,  Fiber- 
link  Communications,  a  managed  services 
provider,  is  partnering  with  Neoteris,  a 
manufacturer  of  SSL-based  VPNs,  to  let 
Fiberlink  set  up  and  manage  policy-based 
VPNs  for  companies  and  their  third-party 
partners,  contractors  and  suppliers.  And 
Aventail  and  Bell  Canada  just  signed  a 
similar  deal. 

Why  are  SSL-based  VPNs  gaining 
momentum?  Because  unlike  IPSec,  SSL 
doesn’t  require  changes  to  the  remote 
machine  or  network.  Users  don’t  need  to 
install  or  configure  special-purpose  client 
software,  making  it  easier  to  configure 
and  manage  VPNs.  The  drawback  is  that 
SSL  is  defined  for  a  relatively  narrow  set  of 
applications. 

Increasingly,  though,  corporations  are 
“Webifying”  their  legacy  apps  —  or  even 
jumping  whole  hog  into  Web  Services  — 
which  makes  SSL  increasingly  attractive. 
So  I’m  confident  the  trend  of  SSL-based 
VPN  services  only  will  continue. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research ,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Sawis 

continued  from  page  23 

services,  says  Doug  Johnson,  CEO  at 
AccessLine. 

Johnson  says  the  company  plans  to 
move  most  of  its  customers,  but  some  will 
remain  on  AccessLine’s  legacy  network. 

AccessLine  offers  hosted  voice  services 
to  100,000  customer,  including  American 
Express,  IBM  and  Sun. The  majority  of  the 
company’s  customers  still  are  running 
most  of  their  services  over  traditional 
TDM  voice  networks,  but  many  are  mov¬ 
ing  toward  IP  which  is  where  Sawis  fits  in, 
Johnson  says. 

Sawis  operates  a  national  IP  network 
that  runs  over  ATM.  The  service  provider 
has  2,000  managed  service  customers 
that  will  be  able  to  upgrade  any  of  their 
existing  services  to  support  Sawis’  new 
voice  offerings  using  their  existing  net¬ 
work  connectivity.  ■ 


More  online! 

Learn  how  to  avoid  unexpected  costs 
when  deploying  VoIP. 
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Nextel 

continued  from  page  23 

“These  customer  iDEN  networks 
become  an  extension  of  Nextel’s  macro 
network,”  Cormier  says.  Any  Nextel 
mobile  user  entering  an  Integrated 
iDEN/WLAN  building  or  campus  actual¬ 
ly  might  be  accessing  the  wireless  carri¬ 
er’s  public  network  through  a  Radio- 
Frame  Unit. 

The  idea  is  to  let  users  increase  their 
Nextel  coverage  throughout  their  cam¬ 
pus  to  support  more  reliable  service, 
Cormier  says. 

Nextel’s  Custom  Network  Solutions 
division  sets  up  and  manages  these 
WLAN  networks  for  customers.  Cormier 
says  Nextel  decided  to  work  with 
RadioFrame  because  the  company’s 
products  let  users  easily  upgrade  to  the 
latest  802.11  standards  as  they  emerge. 
Upgrading  to  802.1  lg,  for  example,  is  as 
easy  as  pulling  out  an  802.11b 
RadioBlade  and  replacing  it  with  an 
802.1  lg  RadioBlade, he  says.“This  allows 


users  to  future-proof  their  networks,”  he 
says. 

RadioFrame  is  the  first  802.11  vendor 
with  which  Nextel  has  teamed.  While  it 
is  focusing  on  private  Wi-Fi  network  sup¬ 
port  initially,  Cornier  says  the  company 
has  not  ruled  out  public  Wi-Fi  service 
support  in  the  future.  The  carrier  would 
not  elaborate  on  public  Wi-Fi  service 
plans. 

Nextel  says  it  has  pilot  customers  test¬ 
ing  the  service  today. The  carrier  expects 
the  service  will  be  available  by  the  end 
of  September,  but  it’s  looking  at  a  “con¬ 
trolled  introduction,”  Cormier  says.  “We 
aren’t  looking  to  sign  up  100  customers 
as  soon  as  we  launch.” 

Because  most  of  the  networks  are  cus¬ 
tomized,  Cormier  says  it’s  difficult  for 
Nextel  to  offer  pricing  information.  But 
service  cost  is  based  on  several  factors, 
including  the  public  voice  and  data 
service  packages  a  user  purchases, 
the  number  of  RadioFrame  Units  de¬ 
ployed  and  the  types  of  data  applica¬ 
tions  supported.® 
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Visit  www.dell.com/SAN4  and  go  to  the 
Dell  Storage  Consolidation  R0I  Analyst 
Tool  for  a  free  business  case  analysis  that 
clearly  outlines  the  best  storage  solution 
for  you.  From  needs  and  deployment 
to  enterprise-level  services,  Dell's 
comprehensive  storage  consolidation 
solution  will  help  you  determine  your 
organization's  exact  requirements,  and 
help  simplify  the  implementation. 


Or  call  1-866-871  -9877  today  to  speak  with 
a  Dell  representative.  Together  you  can 
assess  your  situation  and  then  develop  a 
cost-effective  storage  solution  that  can 
improve  both  your  operations  and  your 
bottom  line. 
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Take  Our  Risk-Free  30-Day  Covad  T1  Challenge 


4  CALL  1-800-555-0456 

4ni/v  Try  our  T1  for  one  month  and  we’ll  pay  for  installation. 
mie  not  completely  satisfied,  we’ll  refund  your 
monthly  fee  and  equipment  cost. 
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WHY  SWITCH  TO  COVAD  DATAT1? 

•  Service  Level  Guarantees  •  4-hour  mean  time  to  repair  •  Guaranteed  99.99% 
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T1  ACCESS  FOR  HUNDREDS  LESS 
DOES  WONDERS  FOR  THE  REPUTATION. 


We  just  lowered  our  prices  and  waived  our  installation  fees. 
And  that’s  for  the  same  premium  performance  and  specialized 
service  that  has  made  us  the  fastest-growing  T1  data 
provider  in  the  nation.  Still,  we  don’t  expect  you  to  be 
convinced  overnight.  That’s  why  we’re  giving  you  30  days  of 
no-risk  trial. 
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WHO  HAS  BUILT  MORE  THAN 
2800  INDUSTRIAL-STRENGTH 
NETWORKS  IN  204  COUNTRIES? 


Extreme  Networks. 

We  are  a  global  pioneer  in 
developing  networking 
infrastructure  for  IP-based 
applications  in  the  large 
enterprise  and  metro 
service  provider  markets. 

We  see  a  world  emerging 
where  all  electronic 
communications  flow  over 
Ethernet  and  IP.  Anticipating 
the  millions  of  connections 
your  network  will  support, 
we  deliver  a  Business 
Optimized  Infrastructure  that 
provides  explosive  scalability, 
eliminates  capacity  issues 
and  enhances  application 
performance  at  the  lowest 
total  cost  of  ownership. 

To  learn  more,  visit 
extremenetworks.com/boi.htm 


ADVERTISEMENT 


With  stellar  10G 
Ethernet  sales  to 


The  University  of  Warwick  in  the  U.K.  uses  it  to  support  100Mbps  connec¬ 
tions  to  5,300  student  rooms,  enabling  transfer  of  e-leaming  applications  and  associated  multimedia 


date  and  a  new 
high-density  1 OG 
switch  in  the  works, 
Extreme  Networks® 
is  poised  for  the 
1  OG  explosion. 


The  Extreme  Networks 
BlackDiamond: 

A  reliable,  ultra-high  bandwidth 
foundation  for  1 0G  Ethernet. 


materials.  Liberty  Medical  Supply  uses  it  to  connect  three  sites  with  fiber,  enabling  the  company  to 
support  interactive  applications  and  storage-area  network  traffic.  Hancock  Telecom,  a  local  exchange 
carrier  in  Indiana,  uses  it  to  deploy  high-speed  Ethernet  services  to  customer  homes. 


Three  organizations  with  very  dif¬ 
ferent  requirements,  but  one  thing  in 
common:  They  needed  10G  Ethernet, 
and  they  got  it  from  Extreme 
Networks. 

These  organizations  are  far  from 
alone.  Extreme  Networks  is  the  leader 
in  market  share  for  Layer  3  10G 
Ethernet  port  shipments,  according  to 
market  research  firm  Dell’Oro  Group 
(reported  for  the  quarter  ended  March 
2003).  Customers  are  finding  Extreme 
Networks’  BlackDiamond®  switch 
provides  a  reliable,  ultra-high  band¬ 
width  foundation  for  10G  Ethernet, 
enabling  them  to  support  advanced 
applications,  including  convergence  of 
data  with  voice  and  video,  high-speed 
storage  and  enterprise  resource  plan¬ 
ning  software. 

“As  more  devices  come  on  to  cus¬ 
tomer  networks,  driving  up  traffic  lev¬ 
els,  the  pressure  to  implement  1 0G  is 
really  starting  to  ramp  up,”  says  Ameet 
Dhillon,  senior  product  manager  for 
BlackDiamond  with  Extreme  Net¬ 
works.  “At  the  same  time,  10G  per- 
port  prices  are  coming  down,  particu¬ 
larly  as  we  introduce  XENPAK  plug¬ 
gable  optics.” 

The  Extreme  Advantage 

One  of  the  reasons  BlackDiamond 
is  so  adept  at  handling  10G  Ethernet 
is  Extreme’s  implementation  of  qual- 
ity-of-service  (QoS)  features.  QoS 
enables  customers  to  differentiate 
among  the  various  types  of  traffic 
flowing  through  their  networks,  giv¬ 
ing  preferential  treatment  to  delay- 
sensitive  traffic  such  as  voice  and 
video,  for  example.  With  many  ven¬ 
dors’  implementations,  turning  on 
QoS  means  taking  a  dramatic  perfor¬ 
mance  hit,  but  that  is  simply  not  the 
case  with  BlackDiamond.  In  fact, 
with  QoS  turned  on,  BlackDiamond 


handled  Network  Computing’s  “most 
rigorous  tests”  without  dropping  a 
single  packet,  earning  an  Editor’s 
Choice  award  and  the  publication’s 
annual  Well-Connected  award  in  the 
lOGigabit  Switch  category. 

Another  Extreme  differentiator  is 
the  fact  that  it  uses  the  same  ASIC 
technology  and  operating  system 
across  its  three  switch  families: 
Summit,  Alpine  and  BlackDiamond, 
which  address  edge,  aggregation  and 
core  requirements,  respectively.  The 
approach  dramatically  simplifies  net¬ 
work  operations  because  once  you 
learn  how  to  use  one  platform,  you 
know  them  all.  That,  in  turn,  reduces 
total  cost  of  ownership  (TCO). 

A  number  of  other  standard  Extreme 
features  help  reduce  TCO,  including 
the  BlackDiamond’s  use  of  a  central¬ 
ized  engine  for  providing  Multi- 
Protocol  Label  Switching  (MPLS). 
That  enables  any  port  connected  to  the 
switch  to  be  instantly  MPLS-enabled, 
including  10G  Ethernet  ports,  at  no 
extra  cost.  Similarly,  for  more  than  a 
year,  all  Extreme  switches  have  been 
IPv6-enabled,  an  issue  that  federal  gov¬ 
ernment  users  and  contractors  are  now 
following  closely.  “The  Extreme 
approach  provides  future  proofing,  on 
top  of  cost  savings,”  Dhillon  says. 

Building  for  the  Future 

To  keep  up  with  customer  require¬ 
ments,  Extreme  has  announced  plans 
to  deliver  a  higher  density  10G  plat¬ 
form.  Code-named  Mariner  and  due 
out  by  the  end  of  2003,  the  switch  will 
offer  up  to  48  10G  Ethernet  ports, 
480  Gigabit  Ethernet  ports  or  a  mix  of 
the  two-the  highest  density  in  the 
industry.  BlackDiamond,  with  its  10G 
interface  capability,  will  be  comple¬ 
mentary  to  Mariner,  able  to  feed  traf¬ 
fic  to  the  high-density  core  switch. 


Mariner  will  cross  a  new  cost  thresh¬ 
old  with  respect  to  10G  Ethernet, 
with  per-port  prices  expected  to  be  in 
the  $8,000  range.  With  pricing  for  the 
BlackDiamond  G16Xi  Gigabit  Ether¬ 
net  module  at  about  $1,300  per  port, 
that  means  we  are  about  to  cross  the 
point  where  the  price  per  port  for  10G 
is  less  than  the  cost  of  10  ports  of 
Gigabit  Ethernet. 

The  price  break  comes  at  an  oppor¬ 
tune  time  for  customers,  who  contin¬ 
ue  to  add  more  traffic  to  their  net¬ 
works  from  all  kinds  of  new  sources. 
Various  wireless  devices  are  now 
attaching  to  corporate  networks,  rang¬ 
ing  from  the  traditional,  such  as  PDAs 
and  laptops,  to  the  not-so-traditional, 
such  as  RF  tags  that  monitor  the 
whereabouts  of  goods  in  a  warehouse. 
Companies  are  also  adding  traffic 
from  building  management  systems 
that  collect  data  from  heating  systems, 
door  locks,  light  switches  and  the  like, 
as  well  as  feeds  from  video  surveillance 
cameras,  all  of  which  give  new  mean¬ 
ing  to  the  term  “convergence.” 

At  the  same  time,  most  servers  and 
many  desktops  and  laptops  now  ship 
with  Gigabit  Ethernet  support  built-in. 
As  the  number  of  users  with  these  com¬ 
puter  systems  reaches  critical  mass, 
users  will  demand  Gigabit  Ethernet 
connections  to  their  desktops,  a  move 
that  promises  to  boost  performance 
significantly.  In  a  recent  test, 
Competitive  Systems  Analysis,  Inc.,  a 
consulting  firm  in  Wellington,  Fla., 
found  that  ordinary  office  applications 
increased  in  performance  between 
35%  and  40%  when  run  over  Gigabit 
Ethernet  instead  of  Fast  Ethernet, 
while  database  transactions  saw  a  30% 
to  47%  performance  boost.  Higher 
speeds  at  the  edge  will  mean  greater 
bandwidth  demands  in  the  core-and 
1 0G  Ethernet  is  the  answer. 


Visit  http://www.extremenetworks.com/go/bd.htm 
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From  Simple  Building  Blocks  to  Carrier  Grade  Solutions... 

Whether  your  application  is  Campus  Enterprise,  Cable  MSO  or  Metro  Access,  MRV  has  a  flexible 
optical  solution  that  fits  within  your  budget.  Our  CWDM  and  DWDM  systems  help  you  increase 
your  bandwidth  capacity,  or  offer  wavelength  services  --  from  T1/E1  to  OC-48,  and  any 
Ethernet  or  Storage  protocol.  ♦  We  provide  solutions  from  'do-it-yourself  WDM  with  our 
pluggable  optics  (SFP  &  GBIC)  -  including  digital  diagnostics,  a  powerful  management  tool  at 
the  optical  interface  level  -  all  the  way  to  full-size  modular  systems  with  64  DWDM 
wavelengths.  ♦  Since  1988,  we  have  provided  connectivity  solutions  for  networks  that  scale 
in  size,  speed,  distance  and  complexity.  In  fact,  some  of  the  world's  largest  networks  rely  on 
our  switches,  routers,  optical  transport  systems  and  remote  presence  equipment. 
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A  network  engineer  assesses  the  latest  round  of  10G  switches  from 
Avaya,  Cisco,  Extreme  Networks,  Foundry  Networks  and  ForcelO  Networks. 
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an  editorial  supplement  to 
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BY  ZACH  FIERSTADT 

WtfNN  rom  the  inception  of  its  conceptual  framework  in  late  1999  to 
the  standardization  of  IEEE  802.3ae  in  mid  2001, 10G  Ethernet 
has  been  one  of  the  most  anticipated  and  exciting  technologies 
on  the  internetworking  scene.  Besides  boasting  throughput  10  times  that 
of  the  already-blazing  Gigabit  Ethernet,  10G  finally  gives  Ethernet-based 
networks  the  ability  to  contend  with  the  more-established  WAN  technolo¬ 
gies  such  as  packet  over  SONET  and  ATM  over  high-speed  OC/synchro 
nous  transfer  mode  circuits. 

To  the  chagrin  of  many  a  network  engineer  and  architect,  the  first 
round  of  10G  products,  released  less  than  a  year  after  standardization, 
proved  to  be  subpar.Some  gear  barely  reached  half  the  throughput 
defined  in  the  specification,  while  others  suffered  from  high  amounts  of 
latency  and  jitter.  Potential  customers  quickly  adopted  an  air  of  weary 
criticism,  making  it  clear  they  would  wait  for  more-refined  products 
before  making  major  purchasing  decisions. 

The  wait  has  been  short.  Round  Two  of  10G  products  are  here;  the  line¬ 
up  looks  promising. 

Vendors  that  did  not  have  Round  One  offerings  are  delivering  their  first, 
more  mature  10G  gear,  while  others  already  in  the  market  are  releasing 
more-refined  versions  of  their  earlier  units  in  hopes  of  improving  bench¬ 
marks  and  winning  demand  for  their  products.  Most  vendors  say  they 
have  worked  out  the  kinks  in  throughput  capacity,  leaving  most  of  the  dif¬ 
ferentiation  to  features  including  quality  of  service  (QoS),  IEEE  802.3ad 
link  aggregation  and  reprogrammable  ASICs. 

The  improvements  are  coming  none  too  soon  for  a  growing  number  of 
enterprise  network  users  who  need  to  scale  past  1G  Ethernet.Their  justifi¬ 
cations  for  1 0G  devices  include  high-volume  storage-area  networks  and 
back-up  segments,  IP  telephony  Gigabit-backed  main  distribution  facili¬ 
ties,  enterprise  metropolitan-area  networks  (MAN),  points  of  presence 
interconnected  via  1G  trunks,  real-time  audio  and  video  multicasting,  and 
data  centers  with  switching  and  routing  cores  leveraging  many  1G  trunks. 

“I  would  use  lOGig  for  aggregation  at  the  enterprise  core,  where  multi¬ 
ple  data  centers  aggregate  via  WAN  backhauls  to  one  central  border 
network,”  says  Chris  Rogers,  a  lead  network  engineer  at  InfoSpace,  a 
provider  of  wireless  and  Internet  software  and  application  services  in 
Bellevue,  Wash.Td  also  use  it  anywhere  throughput,  latency  and  jitter 
were  major  issues.” 

Likewise  for  lOGs  use  in  a  management  or  dedicated  back-up  network 
on  which  lots  of  data  needs  to  move  quickly, says  Claude  Johnson,  Unix 
systems  engineer  for  enterprise  hosting  firm  Digex.Un  a  network  of  thou¬ 
sands  of  systems,  during  a  limited  back-up  window,  I  want  to  move  as 
much  data  to  my  back-up  servers  as  quickly  as  possible  and  keep  those 
very  expensive  processors  bus/  he  says. 

Now  with  production-quality  10G  units  at  the  ready,  enterprise  network 
managers  must  decide  which  vendor  has  the  most  cost-effective,  scalable 
products  and  how  this  fast  technology  best  fits  into  their  networks. 

Switch  vendors  will  have  to  strike  a  balance  between  price,  hardware 
density  and  software  features  to  grab  the  attention  of  these  users.  Avaya, 
Cisco, Extreme  Networks, Foundry  Networks  and  newcomer  ForcelO 
Networks  are  representative  of  the  renewed  10G  efforts. They  each  rolled 
out  initial  10G  Ethernet  switches  in  2002  that  Network  World  bench- 
marked  earlier  this  year  (www.nwfusion.com,  DocFinder:  6627). 


lOGfor  the  campus  LAN 

Campus  1  Campus  2 


i 


J\ 

_ 


Up  to  25  miles  over 
-single-mode  fiber- 


jnnnnnna^^^"^^^ruvuTnrviIIi^ 


i 


10G  or  1G  trunks 

(ntvvmnrC^mmm^rvvvvvv\-^) 


10G 
backbone 


10G  or  1G  trunks 


(nnnnnr\n^^mmm7r\nr 


fnnnnnnrL^rm 


nnnnnnnjjnruwrvvT^fl 


:  ... 


10G  for  the  enterprise  MAN 

(an  alternative  to  SONET  transport) 
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Data  center 


10G  for  the  enterprise  SAN 

(an  alternative  to  Fibre  Channel) 


1G  uplink  to 
distribution  layer 


10G  switch 


Storage  VLAN, 
multiple  1G  trunks 
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Load-balanced  file/content  servers 


Tape  libraries/archiving  systems 
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At  a  minimum,  you'll  need 
to  know  the  answers  to 
these  questions  to  make  a 
sound  decision  on  what  10G 
Ethernet  vendor  to  embrace. 
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Following  a  limited  10G 
Ethernet  deployment, 
Industrial  Light  &  Magic 
plans  a  new,  super-powered 
corporate  network  that  will 
use  a  mind-boggling  200 
10G  interconnects. 
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10G  Ethernet  holds  endless 
possibilities  for  seamlessly 
extending  enterprise  net¬ 
works  into  the  MAN  and 
across  the  WAN. 
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At  a  minimum,  you’ll 
need  to  know  the 
answers  to  these 
questions  to  make  a 
sound  decision  on 
what  10G  Ethernet 
vendor  to  embrace. 
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•  What  is  the  aggregate 
non-blocking  throughput 
capacity  of  each  10G 
blade? 

•  What  is  the  maximum 
forwarding  rate  for 
each  10G  blade? 

«  Does  the  unit  support 
wire-speed  filtering  and 
QoS? 

•  How  well  does  the  unit 
allow  you  to  segregate 
production  traffic  from 
management  traffic? 

•  What  is  the  maximum 
number  of  10G  links  per 
aggregated  trunk? 
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Avaya  and  the  Czuuns 

Avaya  now  has  two  units  on  its  10G  menu:  the  Cajun-series  P882 
MultiService  Switch,  for  carrier  cores,  and  the  P580,more  suitable  for 
companies  with  midrange  to  high-end  computing  needs. With  a  55G- 
bit/sec  backplane  and  a  forwarding  rate  of  40  million  packet/sec,  the 
multilayer  switch  does  not  offer  much  competition  in  terms  of  perfor¬ 
mance.  And  while  users  should  expect  to  see  the  Cajun-series  switches 
priced  less  expensively  than  10G  units  rolled  out  from  more-established 
vendors  such  as  Cisco  and  Foundry,  the  cost  is  still  relatively  high  with 
respect  to  performance  and  density  This  is  especially  the  case  when  tak¬ 
ing  into  account  that  ForcelO  offers  line-rate  10G  ports  at  half  the  cost. 

The  P580,  which  is  supposed  to  have  a  20%  speed  increase  over  the 
original  P550, still  harbors  the  cross-bar  chassis  design  that  inhibited  its 
throughput  levels  when  tested  earlier  this  year.  It  will  take  new  testing  to 
know  whether  the  upgraded  chassis  really  has  resolved  congestion 
issues  in  the  crossbar  or  the  8G-bit/sec  cap  on  the  switch  fabric,  as  Avaya 
says.  However,  it  seems  doubtful  considering  that  the  only  major  differ¬ 
ence  appears  to  be  a  boost  in  CPU  clock  speed. 

The  P580’s  scaling  attributes  also  are  somewhat  weak,  with  a  maxi¬ 
mum  of  eight  10G  ports,  48  1G  ports  and  288  10/100M  bit/sec  ports. 

But  on  more  positive  notes,  the  Cajun  line  offers  a  solid  set  of  soft¬ 
ware  features,  most  notably  for  QoS.  And  benchmark  testing  against  traf¬ 
fic  shaping  and  queuing  features  has  been  positive,  with  the  Avaya 
code  enforcing  traffic  classes  and  queuing  policies  with  strict  preci¬ 
sion. The  same  goes  for  jitter  and  delay 

The  Cajun  P580  might  not  be  the  best  choice  for  the  corporation 
that’s  looking  for  high  scalability  and  full  10G  performance  benefits  at 
the  core  and  distribution  layers,  but  it  could  serve  as  a  relatively  cost- 
effective  solution  for  firms  looking  to  leverage  wide-scale,  QoS- 
enhanced  voice-over-IP  deployments  and  real-time  videostreaming. 

The  Cisco  Catalysts 

Opposite  to  Avaya  on  the  10G  performance  gradient  lies  Cisco,  which 
offers  a  promising  line  of  10G  products  for  the  distribution  and  core  lay¬ 
ers  of  an  enterprise  campus,  MAN  or  WAN.The  most  noteworthy  are  the 
four-port  WS-X6704-10GE  and  two-port  WS-X6802-10GE  modules,  for  the 
Catalyst  6500-series  switches  and  the  Cisco  7600-series  routers.The  6500- 
series  switch  is  probably  a  better  fit  than  the  7600-series  router  for  most 
companies  with  midrange  to  high-end  computing  needs  because  of  the 
scalability  (48  to  576  ports  of  10M,  100M  or  1G  Ethernet), diversity  and 
redundancy  it  can  provide  as  one  manageable  unit. 

Combined  with  the  new  Supervisor  Engine  720,  which  allows  for  an 
integrated  720G-bit/sec  backplane,  the  6500  series  can  accommodate  up 
to  32  10G  ports.This  gives  it  one  of  the  highest  10G  densities  available. 
Most  startling,  however,  is  switching  performance.  When  the  10G  modules 
are  upgraded  with  distributed  forwarding  cards  and  used  in  combination 
with  the  Supervisor  Engine,  it  is  possible  to  reach  a  sustained  forwarding 
rate  of  48M  packet/sec  per  card  and  a  sustained  aggregate  forwarding 
rate  of  400M  bit/sec. 

The  new  10G  modules  also  offer  myriad  QoS  and  fault-tolerance  fea¬ 
tures.  While  both  modules  have  the  traditional  class-of-service-based 
selection  criteria  for  setting  traffic  policies,  the  WS-X6704-10GE  also  sup¬ 
ports  virtual  LAN  queues  for  defining  multiple  policies  on  a  per-VLAN 
basis.  According  to  Cisco,  the  6500-series  platform,  combined  with  the 
new  10G  modules, should  be  able  to  trunk  10G  links  with  802.1  lad  link- 
aggregation.  Failover  times  should  be  greatly  improved  via  Spanning  Tree 
Protocol  enhancements  such  as  Per  VLAN  Spanning  Tree  Plus  and 
Resource  Reservation  Protocol,  reducing  the  failover  time  gap  between 
10G  and  traditionally  more  resilient  WAN  links  (traditional  STP  limits 
Ethernet  path  recalculation  to  a  matter  of  seconds,  while  OC-48  and  OC- 
192  can  failover  in  a  matter  of  nanoseconds). 

Cisco’s  10G  products  are  competitive  for  core  and  data  center  deploy¬ 
ments,  but  somewhat  pricey. The  Supervisor  Engine  720  starts  at  $28,000 
and  the  10G  modules  range  from  $20,000  to  $60,000.  Enterprise  users 
gain  some  flexibility,  however,  because  the  6500’s  adaptive  and  flexible 
chassis  design  should  let  them  add  modules  as  needed. 

Those  Extreme  BlackDiamonds 

Extreme  is  delivering  10G  with  its  BlackDiamond  6800  Series  switches. 
The  lOGLRi  modules  coupled  with  Extreme’s  Triumph  ASIC  technology 
result  in  an  aggregate  solution  that  could  provide  a  fair  amount  of  com¬ 
petition  to  Cisco  and  Foundry  gear 

The  BlackDiamond  series  includes  the  6804,6808  and  681 6,  which 
vary  mainly  by  density  and  scalability  options.  While  the  6816  offers 
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only  half  the  number  of  10G  ports  (16)  as  Cisco’s  Catalyst  6500,  it  can 
deliver  up  to  1,440  100M/1G  ports  fully  populated,  providing  more 
lower-end  density  than  its  competitors. 

The  BlackDiamond  lower-end  6804  and  6808  switches  max  out  at  256G 
and  384G  bit/sec,  respectively,  making  them  less  flexible  than  comparable 
competitive  switches.  But  the  6816’s  768G-bit/sec  backplane  is  beefier 
than  the  Catalyst  6513’s  (the  latest  6800  Series  backplanes  resolve  the  8G- 
bit/sec  cap  of  earlier  models,  allowing  for  full  10G  throughput). However, 
the  BlackDiamonds  maximum  forwarding  rate  of  192M  packet/sec  does¬ 
n’t  come  close  to  that  of  Cisco  or  Foundry  switches.This  wouldn’t  be  such 
a  drawback  if  pricing  was  more  competitive,  with  the  6816  base  chassis 
costing  more  than  the  65 13’s,  and  10G  modules  at  $29,000  per  port. 

To  keep  up  with  hardware-based  access  control  list  caching  technology, 
BlackDiamonds  feature  set  includes  Triumph  silicon  technology  that 
allows  for  wire-speed  access  control  list  (ACL)  checking  (reduces  CPU 
overhead  and  filtering-related  bottlenecks).  It  also  does  standard  QoS  traf¬ 
fic  classifications  and  802.1  lad  link-aggregation, allowing  for  1G  trunks. 

While  the  BlackDiamond  feature  set  is  more  competitive  than  most 
other  vendor  lines,  the  price  vs.  performance  numbers  hurt  Extreme. 
Perhaps  resolve  might  come  from  Mariner,  expected  to  be  released  by 
year-end  with  six-port  10G  blades  at  $8,000  apiece,  and  new  silicon  tech¬ 
nology  dubbed  “T-Rex,”  that  will  allow  for  updating  ASICs  with  new  con¬ 
figurations  on  the  fly  With  such  pricing,  Extreme  will  be  a  vendor  to  look 
to  for  customers  on  a  tight  budget  with  high-density  requirements. 

The  Foundry  for  Biglron 

Foundry  says  it  has  fixed  the  initial  8G  limitation  of  the  Netlron  back¬ 
bone  routers  and  the  Biglron  Layer  3  switches  with  scorching  throughput 
levels  —  1.2  terabit/sec  backplanes  and  forwarding  rates  of  up  to  480M 
packet/sec  (second  only  to  ForcelO), outrunning  Cisco  by  80M  packet/ 
sec.  While  the  Netlron  routers  are  attractive  for  the  service  provider  edge, 
enterprise  clients  should  look  mainly  at  the  Biglron  switches  for  their 
10G  needs.The  Biglron  switches  come  in  a  staggered  chassis  line  (MG8, 
4000,8000  and  15000)  and  the  same  backplane  capacity  and  forwarding 
rate,  allowing  entry-level  chassis  options  and  modules  that  will  scale  as 
network  aggregation  and  performance  requirements  increase.  Foundry 
harbors  up  to  32  10G  ports  on  the  Biglron  MG8  (comparable  to  the  Cisco 
Catalyst  6513)  at  $14,000  to  $20,000  per  port. 

Innovations  trickle  down  throughout  the  Biglron  platform,  from  the 
20G-bit/sec  dedicated  management  backplane  (that  isolates  administra¬ 
tion  traffic  from  production  traffic)  and  wire-speed  QoS  to  software  fea¬ 
tures  such  as  Rapid  Spanning  Tree  Protocol  (RSTP),  sFlow  (comparable 
to  NetFlow  on  Cisco), 802.3ad  link  aggregation  and  SNMPv3.  Enterprise 
clients  looking  to  deploy  highly  scalable,  cost-effective  10G  solutions 
should  keep  their  eyes  on  Foundry 

A  ForcelO  to  be  reckoned  with 

Despite  its  youth  as  a  company  newcomer  ForcelO  offers  a  10G  switch 
that  outperforms  Foundry’s  and  Cisco’s. Specializing  strictly  in  10G, 

ForcelO  offers  two  main  products:  the  middle-end  E600,with  a  600G-bit/ 
sec  backplane  and  a  forwarding  rate  of  250M  packet/sec;  and  the  high- 
end  E1200.This  flagship  switch  boasts  throughput  attributes  that  place  it  at 
the  top  of  the  performance  list  for  high-end  products.  While  its  density  is 
tapered  slightly  at  a  maximum  of  28  10G  (or  338  1G)  ports,  the  E1200  will 
leverage  a  1.2  terabit/sec  switch  fabric  and  an  unprecedented  forwarding 
rate  of  500M  packet/sec,  allowing  48G-bit/sec  throughput  to  each  module 
(the  Cisco,  Extreme  and  Foundry  switches  cap  out  at  40G  bit/sec  per  mod¬ 
ule)  and  wire-rate  speeds  on  all  ports,  even  with  ACLs  applied. Such  per¬ 
formance  numbers  are  enough  to  make  any  enterprise  network  engineer 
happy, especially  when  taking  into  account  that  ForcelO  has  undercut  the 
10G  market  substantially  with  pricing  at  $17,000  per  port. 

ForcelO’s  operating  system,  FTOS, should  compete  well,  with  a  feature 
set  including  protocols  leveraged  on  leading  vendor  products  (RSTP 
802.3ad  link  aggregation, Virtual  Router  Redundancy  Protocol  ).  A  vari¬ 
able  to  consider  with  ForcelO  is  its  freshness  as  a  company:  Code  base 
maturity,  product  support  and  documentation  take  time  to  develop. 

A  matter  of  when 

As  the  10G  arena  unfolds,  enterprise  managers  and  network  architects 
will  have  to  take  many  things  into  consideration  before  making  purchas¬ 
ing  decisions.The  wrong  choice  could  make  or  break  a  network. 

Fierstadt  is  a  senior  network  engineer  at  eUniverse ,  an  online  entertain¬ 
ment  and  media  network.  He  can  be  reached  at  lucid@switchninja.net. 
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Philips  Medical  Systems  ADAC. 

“We  did  some  shopping,  checked  out  other 
solutions,  and  decided  on  Canon’s 
Canobeanr  DT-50.  The  feeling  around  here  is 
that  it  was  well  worth  the  money  we  spent.” 


Eric  Caddenhead.  Director  of  Network 
Operations  for  Philips  Medical  Systems  - 
ADAC. 


ORBIS  International 
Humanitarian  Organization. 

"The  Canobeam  provides  us  wth  a  very 
effective  path  in  and  out  of  the  airplane. 
Since  it’s  an  optical  beam,  it  requires  no 
frequency  allocation  and  can  be  set  up  very 
quickly"  (in  fixed  and  temporary  situations.) 


Ismael  Cordero,  Manager  of  Biomedical 
Engineering  for  ORBIS. 


Visiting  Nurse  Association  Of 
Brooklyn. 


"Canobeam  proved  essential  to  ensuring 
that  our  expanded  computer  system  was 
up  to  the  task." 


Robert  Lanfranchi,  Director  of  Information 
Technology  Systems  for  VNAB 


U.S.  Department  Of  Labor. 


“Choosing  the  Canobeam  DT-50  has  been 
instrumental  in  allowing  us  to  carry  out 
critical  public  services  at  top  speed...  it’s 
important  that  we  be  able  to  respond 
without  delays  in  the  network." 

Darryl  Aus,  Sr  Network  Engineer 
for  PWBA  Department  Of  Labor. 


More  FSO  Users 
Connect  With  Us. 
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Canobeam  models  include: 

•  DT-55,  Gigabit  Ethernet,  1.25Gbps 

•  DT-50,  Versatile  Standard,  25-622Mbps 

•  DT-30,  Economical  Quality,  10-1 56(Vlbps 


Auto  Tracking  Is  One  More  Reason 
Users  Select  Canobeam 


Canon's  FSO  line  of  Canobeam 
products  has  emerged  as  the 
choice  for  more  and  more 
installations  and  a  wide  range 
of  applications.  From  providing 
communication  in  areas  where 
fiber  couldn't  be  laid;  to  meeting 
disaster  recovery  needs; 


to  allowing  private  organizations 
to  expand  services  and 
government  agencies  to  work 
faster,  Canobeam  has  met  the 
challenge  by  providing  fast  set¬ 
up,  no  FCC  licensing  or  channel 
allocation,  and  interference-free, 
confidential,  reliable  transmission. 


Find  out  more  at  canobeam.com 

1-800-321-4388  (Canada:  905-795-2012) 


KNOW  HOW  “ 

Canon  is  a  registered  trademark  and  Canon  Know  How  is  a  trademark  of  Canon  Inc.  ©2003  Canon  USA,  Inc. 


An  increasingly  mobile  workforce 
opens  your  network  up  to  a  host  of  threats, 
both  accidental  and  intentional. 

Bring  'em  on. 

The  only  place  to  securely  meet  the  challenges  that  a  mobile 
workforce  brings  to  a  network  is  at  the  point  where  people  connect. 
The  HP  ProCurve  Adaptive  EDGE  Architecture  affordably  puts 
intelligence  and  control  at  the  edge  of  the  network,  giving  you  the 
power  to  easily  adapt  to  future  needs  as  new  wired  and  wireless 
mobility  solutions  are  implemented. 

With  industry-standard  switches  like  the  HP  ProCurve  5300x1  series, 
you  can  cost-effectively  deploy  user  and  security  applications  at  the 
point  of  connection.  It  immediately  recognizes  the  user  and  the  types 
of  services  and  access  they  are  permitted  to  have,  preventing 
unauthorized  traffic  and  potential  threats. 

Free  Network  Design.  To  schedule  a  free  network  design  and  to 
learn  how  HP  ProCurve's  affordable  solutions  can  help  you  meet 
current  and  future  needs  for  mobility,  security  and  convergence, 
call  1-800-975-7683  or  visit  hp.com/go/procurve, 
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ADVERTISEMENT 


Driving  a  New  1 OG  standard 

A  conversation  with  Dan  Dove,  the  HP  ProCurve  networking  engineer 
who  is  spearheading  the  effort  to  ship  1  OG  Ethernet  over  copper. 

Dan  Dove  is  chair  of  the  IEEE  802. 3ak  Task  Force,  which  is  developing  a  standard 
for  1  OG  Ethernet  over  copper.  He  is  also  principal  engineer  for  LAN  physical  layers 
at  HP-a  self-described  "Layer-1  kind  of  guy."  We  talked  to  Dove  about  the  standard 
he's  working  on  and  where  he  sees  10G  fitting  in  enterprise  networks. 


Where  does  HP  want  to  go  with  TOG? 

We're  trying  to  drive  the  cost  down  so  that  10G 
can  be  used  more  broadly.  For  example,  as  cus¬ 
tomers  embrace  Gigabit  Ethernet  to  the  edge  of 
their  networks,  we  will  want  a  standards-based, 
cost-effective  way  to  link  switches  together  in  the 
wiring  closet.  10G  over  copper  is  a  way  for  HP 
ProCurve  to  meet  that  need,  along  with  the  many 
others  it  already  meets.  That's  why  I've  taken  on 
the  effort  of  chairing  the  task  force  and  trying  to 
drive  a  standardized  solution  into  the  market, 
called  10GBASE-CX4,  which  will  support  distances 
of  up  to  15  meters  on  copper.  It's  a  short-haul  inter¬ 
connect  solution. 
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Why  is  the  whole  movement  to  10G  over 
copper  important? 

The  initial  1  OG  solution  that's  been  available  has 
been  fiber  optic  and,  unfortunately,  it  was  initially 
expensive  and  continues  to  be,  even  with  recent 
price  reductions.  It  really  violates  a  basic  premise  that 
the  IEEE  802.3  Working  Group  has  operated  under 
for  many  years,  which  is  10  times  the  performance 
of  previous  generations  for  two  to  three  times  the 
cost.  1  OG  optical  solutions  are  about  1 0  to  20  times 
the  cost,  and  while  there  are  situations  where  that 
cost  is  justified,  many  customers  use  several  gigabit 
links  because  it  is  so  much  more  affordable.  With  the 
copper  solution  that  we're  standardizing,  the  cost  will 
be  more  in  that  two  to  three  times  range.  It  will 
enable  the  short-haul  interconnect  of  switches  with 
10G  copper  in  the  wiring  closet,  in  data  centers  and 
small  server  clusters,  including  emerging  iSCSI  stor¬ 
age  over  Ethernet  arrays.  Optical  solutions  will  con¬ 
tinue  to  be  required  for  longer  distances,  such  as  out 


to  wiring  closets,  between  buildings  and  in  metropoli¬ 
tan  area  networks. 

How  soon  will  1  OG-over-copper  products 
be  available? 

The  standard  development  is  on  track  for  ratifica¬ 
tion  in  December  2003,  which  is  extremely  fast 
considering  we  started  last  November.  10G  cop¬ 
per  products  will  follow  in  the  spring  of  2004. 

What  do  you  see  as  the  high  end  in  terms 
of  distance  over  copper? 

In  November  of  last  year,  there  was  an  IEEE  study 
group  formed  to  work  on  a  longer  distance  copper 
for  1 0G,  and  they  are  talking  about  1 00  meters. 
There  is  some  question  as  to  whether  that's  feasible 
and,  if  so,  what  media  type  would  be  required- 
whether  it  would  have  to  be  [Category]  7  or  even 
something  of  a  higher  performance.  The  concept  is 
to  apply  digital  signal  processing  technology  to  per¬ 
form  very  high  levels  of  interference  canceling  or 
noise  canceling.  They're  in  the  process  of  completing 
their  project  scope  and  requirements  for  IEEE 
approval.  If  approved,  then  they'll  have  a  task  force 
and  they'll  start  developing  a  specification.  I  would 
guess  it'll  be  somewhere  on  the  order  of  two  to  three 
years  before  a  spec  comes  out  for  that  technology. 

Where  do  you  see  10G  having  the  great¬ 
est  effect  in  enterprise  networks? 

There  are  two  application  spaces  where  I  see 
10G  having  a  real  big  role.  One  is  gigabit  to  the 
edge.  Gigabit  to  the  edge  is  going  to  happen 
because  the  technology  has  come  to  the  point 
where  it  costs  only  slightly  more  than  fast  Ethernet. 
PC  manufacturers,  including  HP,  are  quickly  moving 
to  build  in  gigabit  support  on  all  desktop  and  note¬ 
book  PCs.  While  there  is  a  lot  of  benefit  to  gigabit 
to  the  edge  without  upgrading  the  backbone,  as  it 
becomes  pervasive,  we  will  need  to,  at  least  selec¬ 
tively,  move  to  10G  uplinks  and  backbones. 

The  other  side  is  storage.  As  iSCSI  becomes  more 
popular,  1 0G  is  going  to  provide  higher  perfor¬ 
mance  for  storage,  remote  mirroring  functionality 
and  things  like  that.  Copper  is  a  nice,  low-cost 
way  of  implementing  that  in  the  data  center  and 
server/storage  rooms. 


HP  Brings  Intelligence 
to  the  Network  Edge 

The  HP  ProCurve  Adaptive  EDGE 
Architecture  is  all  about  creating  a 
more  intelligent  network  edge  that 
can  more  efficiently  and  securely 
carry  a  broad  range  of  applications 
on  a  LAN  infrastructure.  As  cus¬ 
tomers  add  1 0G  Ethernet  to  their 
networks,  the  need  for  intelligence 
only  becomes  more  important. 

HP  today  offers  a  single-port  opti¬ 
cal  1 0G  blade  for  the  ProCurve 
Networking  routing  switch  9300m 
series  and  will  soon  deliver  higher 
density  1 0G  products.  These 
include  modular  optical  adapters 
that  users  can  customize  to  best  fit 
their  needs,  choosing  from  optical 
media  that  support  1 0G  at  dis¬ 
tances  ranging  from  35  meters  to 
40  kilometers.  By  early  next  year, 
the  choices  will  include  1 0G  over 
copper,  a  technology  HP  is  helping 
drive  through  the  standards  process. 

In  each  case,  the  HP  ProCurve 
Adaptive  EDGE  Architecture  will 
help  users  properly  manage  that 
bandwidth.  The  architecture  enables 
customers  to  set  prioritization  at  the 
network  edge  for  a  range  of  appli¬ 
cations,  including  those  that  10G 
will  make  more  feasible,  such  as 
voice,  video,  storage,  Remote  Direct 
Memory  Access  (RDMA)  over 
Ethernet  for  creating  server  clusters 
over  Ethernet  and  even  grid  comput¬ 
ing.  The  HP  ProCurve  Adaptive 
EDGE  Architecture  also  ensures  that 
security  is  maintained  throughout 
the  network  by  controlling  who  gets 
access  to  what  resources  on  a  per- 
port  basis. 

Secure,  mobile,  multi-service  net¬ 
works  at  an  affordable  price.  That's 
the  HP  ProCurve  Adaptive  EDGE 
Architecture. 


Learn  more  about  HP  ProCurve 
solutions  around  security, 
mobility  and  convergence.  Sign 
on  to  our  webcast  series  at: 

www.itworld.com/ 

itwebcast/procurve 


After  a  limited  10G  Ethernet  deployment  Industrial  Light  &  Magic  plans  a  new, 
super-powered  corporate  network  that  will  use  a  mind-boggling 200 100 interconnects, 


n  this  summers  box-office  attraction  “The  Hulk”  mild-mannered  scientist  Bruce  Banner  morphs  from  an  ordinary 
guy  into  a  phosphorescent  green,  bulging  super  power  —  part  hero,  part  monster  who  makes  moviegoers  cower 
in  their  seats. Terrified  viewers  have  the  visual-effects  experts  at  Industrial  Light  &  Magic  to  thank  for  their  racing 
pulses.And  just  as  Banner  has  been  supercharged  with  gamma  radiation, those  ILM  artists  have  been  empowered  with 
a  hulked-up  network. 


See  ILM,  page  SI 2 


BY  BETH  SCHULTZ 


murium  com/iurr/rom/m 


Gigabit  Ethernet. 

It's  not  just  for  the 
data  center  anymore. 


The  future's  more  affordable 
than  it  used  to  be. 

Time  to  bring  your  users  up 
to  Gigabit  speed. 


3Com  OfficeConnect®  Gigabit  Switch  5 


LAN  Infrastructure  Network  Jacks  Mobility  &  Wireless  Security  Solutions  Networked  Telephony 
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Advanced  silicon  and  Gigabit-ready  computers  have 
slashed  the  cost  of  future  proofing  your  workgroups. 
Right  now,  Gigabit  Ethernet  will  give  you  considerably 
more  bandwidth  for  the  buck  than  installing  10/100. 

Bring  your  users  up  to  Gigabit  speed — affordably — 
with  these  new  3Com®  switches: 

3Com  OfficeConnect®  Gigabit  Switch  5  packs  five 
autosensing  10/100/1000  ports  and  traffic  prioriti¬ 
zation  into  a  small,  simple,  silent  device. 

3Com  Baseline  Switch  2800  models  deliver  full 
wirespeed  Gigabit  in  plug-and-play,  1RU  rack- 
mountable  units  that  don't  require  management. 

3Com  SuperStack®  Switch  3824  is  a  Layer  2  switch 
that  comes  with  prioritization,  link  aggregation 
and  fiber  port  options— plus  a  powerful  manage¬ 
ment  application. 

That's  lots  of  desktop  Gigabit  for  not  a  lot  of 
money.  Backed  by  3Com's  limited  lifetime 
warranty,  of  course. 

Visit  www.3com.com/gigabit/2hotspot 
to  find  out  more  about  3Com's  new  Gigabit 
switching  solutions. 


3Com  ’ 

Possible  made  practical" 


ILM 

continued  from  page  S10 

In  March,  ILM  brought  two  10G  Ethernet  modules  —  for  its  Foundry 
Networks  Biglron  Layer  3  backbone  switches  —  into  its  already  band- 
width-intensive  enterprise  network  architecture.  A  Foundry  shop  since 
1999,  ILM  uses  seven  Biglron  switches  (five  8000s,  one  4000  and  one 
15000),  about  40  Fastlron  II  —  plus  a  handful  of  Fastlron  11+  —  closet 
switches,  and  more  than  80  Fastlron  4802  stackable  switches,  says 
Raleigh  Mann,  manager  of  network  operations  at  the  San  Rafael,  Calif., 
post-production  company. 

No  time  for  massaging  data 

The  Biglron  modules  are  linked  via  a  10G  trunk,  with  throughput 
speed  of  8G  bit/sec  because  of  limitations  of  Foundry’s  current  archi¬ 
tecture,  Mann  says.  (Foundry  addresses  the  throughput  limitations  in 
the  Biglron  MG8,a  terabit  switching  and  routing  platform  introduced  in 


lOGatthe  core 

Industrial  Light  &  Magic  has  boosted  capacity  on  its  Foundry  Networks-based  artist 
production  network  with  a  core  10G  Ethernet  link.  Considered  a  proof-of-concept 
implementation,  this  10G  setup  has  convinced  ILM  to  use  more  than  200 10G 
interconnections  on  a  new  corporate  backbone  it  will  build  in  2005. 
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April.)  This  10G  trunk  serves  as  the  conduit  from  ILM’s  production  net¬ 
work,  on  which  sits  all  of  the  artists’  render  processors  and  file  servers, 
and  the  data  center.  Previously,  Mann  handled  the  bulkiest  of  data  trans¬ 
fers  by  trunking  together  multiple  1G  Biglron  ports. 

Of  course,  ILM  artists  know  little  of  10G  or  any  other  network  technol¬ 
ogy.  All  they  know  is  that  they  can  create  ever-bigger  data  sets  that 
move  swiftly  across  the  network.They  demand  nothing  less,  Mann  says. 

“Every  18  months,  our  work  follows  Moore’s  Law.  As  computers  get 
cheaper,  disk  space  gets  cheaper  and  our  productions  can  move  faster," 
he  says.To  make  The  Hulk  and  other  movie  creations  realistic,  ILM  artists 
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pour  on  complex  textures  in  increasingly  dense  simulations.“More  horse 
power  doesn’t  mean  we  can  just  work  faster;  it  means  our  work  can  get 
more  complex.  Fabric,  hair,  water,  flame, smoke, sand  —  we  can  basically 
simulate  more  particles  and  render  a  much  more  complex  3-D  image," 
he  says,  emphasizing  that  the  network  has  to  keep  up.“Our  artists  know 
the  slightest  difference  in  network  performance.” 

Before  implementing  the  10G  routers,  available  bandwidth  for  any  par¬ 
ticular  data  flow  topped  out  at  the  4G  bit/sec  Mann  achieved  by  trunking 
the  1G  ports.That  data  is  primarily  Network  File  System  (NFS)  traffic  mov¬ 
ing  back  and  forth  between  Linux  file  servers  and  client  desktops.  ILM 
carries  the  NFS  traffic  using  User  Datagram  Protocol  (UDP)  rather  than 
the  more  feature-rich,  and  resilient, TCP.“We  don’t  have  the  benefits  of 
TCP  for  [flow-control]  features  such  as  backoff  and  sliding  window  . . . 
but  we  decided  the  best  way  to  get  performance  out  of  the  network  is  by 
using  UDP,”  Mann  says.“We  don’t  have  the  luxury  of  dropping  packets.  In 
our  industry  with  our  turnaround  time,  we  don’t  have  the  time  to  be  figur¬ 
ing  out  problems  or  massaging  data  through  the  network.” 

Mann’s  mind  is  eased  considerably  with  10G.“What  I  don’t  have  to 
think  about  anymore  is  whether  any  particular  traffic  flow  that  exceeds 
a  gigabit  is  split  up  across  cards.  I  can’t  quantify  a  performance 
improvement  with  the  10G,  but  it  does  make  monitoring  the  traffic 
between  the  data  center  and  the  production  network  a  lot  easier,”  he 
says.“Having  a  single  interface  to  watch  for  traffic  flow  rather  than  look¬ 
ing  at  four  different  interfaces  and  adding  it  all  up  makes  it  a  lot  easier 
to  get  a  real-time  feel  and  a  quick  snapshot  of  what’s  going  on.” 

10G  at  the  core 

Mann  expects  his  current  network  architecture,  including  the  one 
10G  link,  to  see  ILM  through  2004. The  network  becomes  obsolete 
after  that,  coincident  with  the  planned  June  2005  move  of  ILM  head¬ 
quarters  from  San  Rafael  to  the  Presidio,  a  former  military  complex  in 
San  Francisco. The  move  gives  Mann  his  third  opportunity  to  build  a 
new  network  for  ILM. 

Mann  is  well  into  a  design  for  the  new  Presidio  network,  and  he  knows 
10G  will  play  the  starring  role.  Having  used  the  lOG-infused  Biglrons  as 
proof  of  concept,  he  determined  that  the  technology  is  stable  and  that 
performance  is  on  par  with  expectations.“The  look  and  feel  is  still  Ether¬ 
net.  We’ve  had  no  disappointments  or  issues  with  the  migration,”  he  adds. 

The  Presidio  network  he  envisions,  and  has  begun  talking  to  vendors 
about,  will  deliver  lG-bit/sec  connections  to  3,800  or  so  user  machines, 
using  multiple  10G  links  between  each  switching  closet  and  a  “very 
large  mesh  of  10G  at  the  core  for  redundancy  and  performance,”  Mann 
says.  He  anticipates  close  to  200  10G  interconnects  on  the  network. 

As  if  that’s  not  mind-boggling  enough,  Mann  says  40G  is  within  reason, 
too.“l  definitely  see  40G  within  the  core  and  to  some  of  the  higher-den¬ 
sity  closets,”  he  explains.“We’re  looking  at  over  a  terabit  capacity  of  core 
aggregate  bandwidth  potentially  Our  data  sets  will  just  keep  getting  big¬ 
ger  as  people  continue  to  expect  more  realistic  images.” 

Mann  proudly  notes  this  watermark:  In  May,  network -traffic  hit  96  tera¬ 
bytes  per  day  as  artists  cranked  out  the  visual  effects  for  “The  Hulk”  and 
two  other  summer  hits  — “Terminator  3”  and  “Pirates  of  the  Caribbean.” 
He  has  no  doubt  that  this  volume  will  more  than  double  in  the  next  18 
months,  as  ILM  artists  crank  out  the  visual  effects  for  “Star  Wars  Episode 
III,”  due  out  in  theaters  in  May  2005. 

The  ILM  environment  is  a  bit  bizarre,  says  Mann,  who  joined  the  com¬ 
pany  a  little  more  than  five  years  ago  from  AOL.  Comparing  the  amount 
of  data  carried  on  it  —  a  single  company’s  network  —  to  that  carried 
on  the  largest  ISP’s  network,  he  says, “To  be  on  parallel  with  that  much 
data  in  such  a  dense  environment  is  very  strange.” 

The  best  of  times 

ILM  will  begin  building  the  Presidio  network  and  occupying  the  new 
data  center  in  January  2005. That  means  ILM  will  need  to  buy  the  net¬ 
work  gear  before  this  time  next  year. 

While  Mann  could  not  share  budget  info,  he  noted  that  he  anticipates 
spending“a  whole  lot  of  money”on  the  10G  architecture  planned  for  the 
Presidio  site.“We  already  invited  the  players  to  play,  and  certainly  price 
will  be  one  of  the  deciding  factors  on  who  wins,”  as  it  was  when  it  came 
down  to  choosing  his  1G  vendor,  Mann  says.  Cisco  had  been  in  con¬ 
tention  for  that  network,  but  lost  out  because  Foundry  Networks  deliv¬ 
ered  four  times  the  throughput  at  approximately  half  the  price,  he  says. 

Meanwhile,  Mann  is  having  a  great  time  designing  this  next-generation 
network.  He  calls  the  task  “daunting  but  fascinating,”  adding:  “We’re  all 
having  fun  just  conceptualizing  this."B 
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10G  Ethernet  holds  endless  possibilities 
for  seamlessly  extending  enterprise  net¬ 
works  into  the  MAN  and  across  the  WAN. 


BY  TERRY  SWEENEY 


jjMSK  hat  can  an  enterprise  do  with  the  equiva- 
1;  '■  lent  of  more  than  6,000  T-ls  worth  of  band- 

width?  Just  about  anything. 

Once  10G  Ethernet  becomes  the  backbone  of 
choice  for  service  providers,  it  opens  the  door  to 
powerful  possibilities.  10G  Ethernet  provides  a 
natural  handoff  between  corporate  and  carrier  net¬ 
works  without  the  expense  of  encapsulation  or  con¬ 
version  to  SONET,  frame  relay  or  ATM. Terabytes  could 
zip  across  networks  like  instant  messages  rather  than 
the  imperceptibly  moving  glaciers  they  often  resem¬ 
ble.  LAN,  metropolitan-area  network  (MAN)  and  WAN 
connectivity  would  become  one  big  subnet. 


With  10G  in  the  LAN,  MAN  and  WAN,  a  car  maker  handling 
designs  for  multiple  new  models  could  handle  backups  and  data¬ 
base  synchronization  among  Detroit,  Munich  and  Tokyo  sites 
without  downtime  or  waiting  for  one  location's  off-peak  evening 
hours.  Trillions  of  bits  could  traverse  the  globe  easily,  either  as 
native  Ethernet,  packet  over  SONET  or  packet  over  wavelength 
division  multiplex  (WDM).  Virtual  LANs  could  come  and  go  as 
fast  as  project  phases  were  completed, 

Suddenly,  SANs  would  become  as  large  as  enterprise  networks, 
server  and  database  access  would  no  longer  be  a  function  of  geog¬ 
raphy,  and  surplus  capacity  could  be  shifted  and  exploited  as  need¬ 
ed.  If  one  location  suffers  a  natural  disaster,  all  of  its  applications 
and  data  could  be  replicated  at  a  different  site  within  minutes. 

End-to-end  quality  of  service  (QoS)  would  mean  that  executives' 
e-mail  could  be  given  priority  over  end-of-quarter  sales  numbers 
hogging  most  of  the  available  bandwidth,  regardless  of  user  or  serv 
er  location.  A  LAN  becomes  a  WAN,  and  a  WAN  becomes  the  world. 

But  this  lofty  vision  will  have  to  wait,  as  full  10G  products  are 
only  now  becoming  available  and  services  remain  non-existent. 
The  technology  is  pricey,  and  some  technical  shortcomings  must 
be  addressed  before  it  scales  to  WAN  thresholds. 

Today,  most  10G  Ethernet  ports  come  in  blades  for  1G  switches. 
Because  of  this,  throughput  typically  tops  out  at  about  <SG  bit/sec. 
Carriers  and  equipment  vendors  point  to  2004  as  the  real  starting 
date  for  10G  Ethernet.' That's  when  leading  vendors  such  as  Cisco, 
Extreme  Networks,  Foundry  Networks  and  Nortel  expect  to  have 
switches  that  perform  at  10G  bits/sec. 

And  next  year  will  be  when  Gartner  has  - 
forecasted  that  10G  volumes  will  begin 
to  triple,  year  after  year,  going  from 
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(see “Exponential  Ethernet," page  1  I). 


Escalating  storage  demands 
caused  by  HIPAA  regulations 
has  Hal  Marietta,  director  of 
network  services  for  Liberty 
Healthcare  Group,  eager  for 
10G  Ethernet  relief. 


That’s  the  same  time  frame  in  which  carriers  such  as  AT&T, Verizon 
and  SBC  will  have  10G  services  ready“I  have  a  placeholder  in  my  plan 
for  next  year  to  be  able  to  fund  some  of  the  activity  and  tests,” says 
Franco  Collochio,  Ethernet  services  product  director  for  AT&T.“Late 
2004  is  our  development  time  frame.” 

But  early  adopters,  ranging  from  bandwidth-starved  corpora¬ 
tions  to  competitive  local  exchange  carriers,  aren't  waiting. 

“T-3  [45M  bit/sec]  was  not  enough  bandwidth  for  us,”  says  Hal 
Marietta,  director  of  network  services  for  Liberty  Healthcare 
Group,  in  Port  St.  Lucie,  Fla.  “We  decided  to  do  more  than  1G 
since  we  knew  we  wanted  to  do  SAN  replication  at  some  point, 
without  impacting  the  standard  data  flow.” 

Compliance  with  the  new  Health  Insurance  Portability  and 
Accountability  Act  regulations,  in  their  stringency  regarding 
security  and  availability,  is  driving  bandwidth  demands,  he  says. To  han¬ 
dle  the  20  terabytes  of  data  that  Liberty  Healthcare  needs  to  be  backed 
up  every  week,  Marietta  has  been  using  Extreme’s  BlackDiamond 
switches  at  three  sites.  He  has  trunked  together  multiple  1G  ports  for 
the  backup. 


Exponential  Ethernet 


Gartner  expects  a  steady  increase  in  the  number  of  10G  switches  shipped  as 
per-port  prices  come  down,  mimicking  the  pattern  expected  for  1G  Ethernet. 

Ports  shipped/Average  price  per  port 


Ethernet 

switches 

2003 

2004 

2005 

2006 

2007 

100M 

159  million/$46 

164  million/$32 

159  million/$23 

153  million/$15 

139  million/$11 

1G 

12  million/$443 

21  million/$368 

38  million/$250 

53  million/$201 

74  million/$148 

10G 

1,800/$29,000 

5, 000/$  19, 500 

15,200/$14,360 

51,800/$10,700 

185,000/$7,710 

/ 


The  10G  mesh 

Ethernet’s  established  familiarity  as  the  lingua  franca  of  networks  is 
propelling  it  into  MANs  and  WANs.  Ethernet  has  evolved  from  10M  to 
100M  to  1G  and  now  10G  bit/sec  in  a  little  more  than  25  years.The 
802.3ae  standard  for  10G  Ethernet,  approved  about  a  year  ago,  has  a 
range  of  25  miles,  a  far  cry  from  the  shorter  hops  required  by  its  prede¬ 
cessors  prone  to  signal  fade.  With  a  longer  reach  and  a  throughput  that 
matches  the  OC-192  threshold  of  SONET  and  WDM  backbones,  10G 
Ethernet  becomes  a  means  for  corporate  and  carrier  networks  to  mesh 
more  seamlessly  than  ever. 

That  in  turn  creates  the  possibility  of  virtual  networks  —  known  vari¬ 
ously  as  transparent  LANs, VPNs  or  Ethernet  subnets  —  on  a  scale  pre¬ 
viously  unworkable.  It  leverages  the  250  million  Ethernet  ports  already 
in  service  and  enables  turbo  applications  such  as  grid  computing  using 
terabytes  and  petabytes  of  data,  or  SAN  replication,  with  which  backup 
and  disaster  recovery  can  occur  in  seconds.  And  QoS,  largely  absent 
from  any  switched  Ethernet  equation  in  which  prioritization  schemes 
differ  among  users  and  carriers,  finally  could  be  offered  across  WANs. 

“A  metro-area  service  would  only  give  us  the  ability  to  have  a  site 
located  farther  away,  but  WAN-level  could  definitely  help  us,” says 
Liberty’s  Marietta.“We’d  have  no  bandwidth  limitations, so  it  wouldn’t 
matter  where  the  server  was.  We  can  place  resources  where  it  makes 
the  most  sense.” 

That’s  the  same  line  of  reasoning  used  by  network  engineers  at  the 
Information  Sciences  Institute  (ISI)  at  the  University  of  Southern 
California  in  Los  Angeles.“We  look  at  10G  as  an  enable^  says  Richard 
Nelson,  director  of  computing  at  ISI,  which  has  been  using  10G 
Ethernet  for  more  than  a  year. 

Initially,  ISI  deployed  the  10G  to  handle  an  increase  in  high-perfor¬ 
mance  desktops  and  computing  clusters.  But  USC  decided  that  kind  of 
speed  made  it  possible  to  mirror  the  university’s  computing  resources 
at  ISI.  USC  has  installed  tape  drives  and  other  storage  gear  at  the  ISI 
location,  18  miles  away  from  the  main  campus, so  that  if  service  or 
access  to  the  campus  is  disrupted,  it  can  bring  the  network  back  up 
from  the  data  stored  at  ISI. 

Using  Foundry  Biglron  Gigabit  Ethernet  switches,  ISI  and  the  uni¬ 
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versity  are  linked  by  a  private  10G  MAN  that  also  connects  to  an 
Internet  peering  point  in  Southern  California.  From  that  location 
they  tap  into  theTeraGrid  network,  a  five-site, 40G  grid-computing 
backbone  that  connects  supercomputing  and  research  centers 
across  the  country.“Whether  it’s  an  earthquake  shake  table  or  elec¬ 
tron  microscope  data,  we  need  the  capacity  for  tera-scale  research,” 
Nelson  says. 

Nelson  says  he  can  foresee  data  center  migrations  and  shipping 
tapes  around  for  backup  and  restoration  becoming  passe. “Instead, 
you  do  a  bulk  transfer  over  a  10G  network.  People  with  terabytes  of 
storage  don’t  want  to  do  it  at  1G  —  they  want  10G  or  faster,”  he  says, 
adding  that  he’s  looking  forward  to  actual  10G  switches  to  avoid 
some  of  the  complexity  of  trunking  multiple  1G  connections,  espe¬ 
cially  because  the  lack  of  trunking  standards  preclude  multivendor 
10G  networks. 

Vendors  needed  time  to  perfect  10/100  Ethernet,  and  the  same 
holds  true  for  10G,  Nelson  says.’As  interface  costs  come  down  and 
availability  of  the  right  kind  of  fiber  increases,  10G  will  become 
more  normal  in  the  corporate  world.  People  will  start  to  see  the  pos¬ 
sibilities  with  remote  backup  or  as  a  less-expensive  alternative  to 
[SONET]  OC-192,”  he  adds. 

Paying  the  price 

lOG’s  potential  is  rich,  but  so  is  its  price  tag.  Industry  analysts  place 
the  price  per  port  for  10G  blades  in  the  $30,000  to  $40,000  range,  but 
prices  have  gone  as  low  as  $10,000,  according  to  Brian  Strachman, 
senior  analyst  at  In-Stat/MDR.  In  the  first  quarter  of  2003,  vendors 
shipped  a  total  of  170  ports  of  10G  equipment.  Contrast  that  with 
734,000  ports  of  1G  Ethernet  with  an  average  cost  of  $5 18,  and  it’s  clear 
why  10G  has  yet  to  catch  fire. 

Adoption  of  a  10G  Ethernet-over-cable  standard,  expected  for  comple¬ 
tion  by  early  2004, should  drive  prices  down  and  increase  uptake  of 
10G,  Strachman  says.  Gartner  expects  average  port  prices  will  fall  from 
$19,500  in  2004  to  about  $7,710  by  2007. 

Pricing  for  10G  services  is  a  little  trickier.  Consider  that  Cybercon.com 
offers  1G  services  at  $3,950  per  month.This  does  not  include  local  loop 
charges,  which  can  range  from  $600  to  $7,500  or  more,  depending  on 
bandwidth  size  and  distance  from  the  carrier  point  of  presence.  Carriers 
won’t  likely  charge  10  times  as  much  for  10G  services,  but  enterprise 
users  can  expect  to  pay  at  least  double  the  prices  of  1G  Ethernet.  AT&T, 
Verizon  and  SBC  all  say  it  is  too  early  to  discuss  pricing. 

10G  has  some  other  drawbacks.  Critics  like  to  point  out  that  10G 
Ethernet  is  not  as  resilient  as  SONET,  and  most  companies  are  not 
going  to  tolerate  a  best-effort  WAN  service.  Most  carriers  are  looking  at 
Multi-protocol  Label  Switching  or  the  Martini  specification  for  handling 
packet  over  SONET  to  make  Ethernet  behave  more  like  SONET.  How 
carriers  manage  those  techniques  as  they  scale  up  on  the  WAN 
remains  to  be  seen. 

As  with  any  other  service,  enterprise  users  should  be  sure  to  negotiate 
a  service-level  agreement  that  establishes  minimum-performance 
thresholds  and  compensation  for  any  glitches. 

The  QoS  mechanisms  for  10G  could  stand  improvement,  says  Mike 
Knoll,  central  office  group  leader  for  Hancock  Telecom,  which  has 
been  using  10G  Ethernet  blades  from  Extreme  for  about  a  year.  His 
company  offers  cable  television  from  one  switch,  and  Internet  access 
and  voice  over  IP  on  the  other  switch.  It’s  using  2G  bit/sec  of  its  own 
fiber,  lighting  up  more  strands  as  needed. 

As  it  stands  now,  users  set  up  QoS  by  designating  percentages  of  a  fiber 
or  connection  that  an  application,  user  or  location  can  use.“We  need 
tighter  bandwidth  instead  of  percentages,” says  Knoll,  adding  that  the  abil¬ 
ity  to  designate  10%  of  a  10G  pipe  doesn’t  really  offer  much  additional 
value.“We  need  to  be  able  to  pick  a  [set  amount  of  bandwidth].” 

A  billion  bits  per  second  from  the  campus  to  the  wide  area  will  open 
up  lots  of  big  possibilities,  but  it’s  going  to  take  at  least  a  year  for  10G  to 
grow  into  the  fullness  of  Ethernet’s  next  logical  exponent.  Apart  from 
time  and  money,  there’s  no  reason  why  the  internetworking  of  corpo¬ 
rate  and  carrier  networks  across  the  WAN  should  falter.  Completion  of  a 
few  more  technical  specifications  should  help  lOG’s  adoption,  which 
would  help  push  prices  down,  while  the  first  few  services  start  to 
become  available. 

10G  will  widen  the  WAN  like  never  before. 

Sweeney  is  a  writer  and  editor  in  Los  Angeles  who  has  covered  IT  and 
networks  for  20  years.  He  can  be  reached  at  terry@tsweeney.com. 
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The  switch  that  adapts 
to  any  environment. 

And  always  will. 


Introducing  the  Matrix™  N-Series 

Scalability  and  security  adapted  to  your  enterprise. 


Because  your  needs  change  so  often,  you 
need  a  switch  that  can  keep  up.  That’s  the 
revolutionary  new  Matrix  N-Series.  Thanks 
to  an  exclusive  distributed  architecture — 
where  all  switching  and  control  functions 
reside  on  each  module — the  N-Series  lets 
you  cost-effectively  add  bandwidth,  users  and 
applications  on  the  fly.  And  no  other  switch 
offers  such  a  low  entry  cost. 

A  wide  range  of  secure  connectivity 
options  means  the  Matrix  N-Series  will 
scale  to  support  converged  applications 


like  video  streaming,  VoIP  and  more  without 
expensive  upgrades.  With  unsurpassed 
reliability,  flexibility  and  investment 
protection,  the  N-Series  is  a  key  component 
to  any  Business-Driven  Network .™ 

Now  and  always. 

For  a  FREE  whitepaper  on  the  Matrix 
N-Series  and  Multilayer  Packet  Classification, 

go  to  enterasys.com/nw/n-series 
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Foundry  is  the  10-Gigabit  Ethernet  leader.  We  were  first  in  the  market  in  October  2001 
and  we  continue  to  dominate  lOGbE  market  share.  Why?  Because  we  offer  a  complete  high 
performance  solution  front  wiring  closet,  server  farm,  to  backbone.  Our  solutions  are  easy  to  deploy, 
and  future  proof:  our  modular  switches  are  lOGbE  ready  without  a  forklift  upgrade. They’re  com¬ 
prehensive:  supporting  standard-based  replaceable  lOGbE  optics  with  distance  up  to  40  km. They  add 
value  beyond  bandwidth:  our  JetScope'VsFlow  technology  allows  you  to  monitor  network  traffic 
on  every  port,  without  performance  degradations.  And  they  are  proven  in  real-world  networks 
University  of  Southern  California, Walter  Reed  U.S.Army  Medical  Center,  London  and  Amsterdam 
Internet  Exchanges,  as  well  as  NTT/Verio.Want  to  experience  10-Cigabit  Ethernet?  Follow  the  leader 
Contact  Foundry  today  at  1 .888.TURBOLAN  or  www.foundrynetworks.com/10GbE 


The  Power  of  Performance 
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FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 
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Procom  server  appliance  ups  the  ante 


■  BY  JAMES  GASKIN,  NETWORK  WORLD 
GLOBAL  TEST  ALLIANCE 

I  love  all-in-one  server  appliances  for 
small  businesses.  The  best  provide  the 
greatest  benefit  for  most  businesses  for 
the  smallest  amount  of  configuration 
time. 

The  new  Taurus  from  Procom  Technol¬ 
ogy  improves  on  the  IT-100  from 
EmergeCore  1  tested  in  early  July  and  was 
less  than  satisfied  with  (www.nwfusion 
.com,  DocFinder:  7230).  The  Taurus 
includes  wireless  support,  the  print  server 
worked,  and  it  was  easier  to  set  up. 

Procom  should  be  further  down  the  road 
than  EmergeCore  because  it  bought 
orphaned  technology  from  Celestix.  The 
company  took  that  hardware  and  server 
framework  and  complemented  it  with  an 
excellent  manual  (274  clearly  written 
pages  with  lots  of  pictures  and  easy  steps, 
and  plenty  of  depth,  if  you  want  it). 

The  Taurus  easily  hurdles  the  first  barrier 
for  non-technical  folks  adding  a  server 
appliance:  how  to  get  the  server  network  IP 
address  to  match  that  of  the  network.When 
you  already  have  a  network  and  add  a  serv¬ 
er,  you  must  tell  the  new  server  what  IP 
address  to  use. The  Catch-22:  You  must  net¬ 
work  the  server  to  add  the  server  to  your 
network.  That  means  you  need  to  change 
your  client’s  static  IP  address,  connect  to 
the  server,  set  the  server’s  static  IP  address, 
then  change  your  client  settings  back. The 
Taurus’  front-panel  LCD  lets  you  set  the 
server’s  static  IP  address  to  match  your  net¬ 
work  quickly  and  easily. This  is  a  big  bene 
fit  and  speeds  installation  considerably 

Meant  to  fit  between  a  small  company’s 
internal  network  and  an  Internet  connec¬ 
tion,  Taurus,  like  other  all-in-one  servers, 


requires  you  to  use  its  internal  file  server  as 
your  external  firewall  and  Web  server.  This 
design  relies  heavily  on  the  included  fire¬ 
wall  to  keep  your  file  server  safe.  For  that 
reason,  I  wanted  more  management  detail 
about  the  firewall  and  more  configuration 
flexibility  than  Taurus  provided.  The  com¬ 
pany  could  do  better.  This  also  means  you 
will  have  to  keep  your  Taurus  software 
updates  current  to  help  maintain  a  strong 
barrier  against  outside  hackers. 

Once  you  configure  the  Taurus’  IP 
address,  installation  between  your  net¬ 
work  and  the  world  takes  only  seconds.  In 
my  lab,  I  placed  the  Taurus  between  the 
Comcast  cable  modem  and  my  internal 
wiring  hub.  When  I  turned  on  the  box  it 
automatically  grabbed  the  Internet  infor¬ 
mation  from  Comcast  and  translated  my 
internal  IP  addresses  through  network 
address  translation  to  match  the  Comcast 
IP  addresses.  In  less  than  one  minute, 
internal  clients  were  surfing  the  Web. 

The  browser-based  administration 
pages  are  refined  holdovers  from 
Celestix  and  use  a  tabbed  interface  for 
easy  navigation.  Finding  your  way 
around  is  easy,  but  getting  into  fine 
details  is  impossible.  Like  with  other  all- 
in-one  boxes,  I  yearned  for  an  Advanced 
button  to  let  me  drill  down  another  level 
for  configuration  flexibility.  Other  Linux 
server  software  (the  Taurus  is  based  on 
an  unnamed  Linux  version)  offers  such 
administration  control,  but  Procom  has 
yet  to  add  that  to  the  Taurus. 

Setting  up  the  Web  server  takes  only  sec¬ 


onds,  and  one  click  starts  the  server  in  the 
Administration  pages.  The  Taurus 
includes  FTP  client  software  (WS_FTP  LE, 
or  Light  Edition)  for  easy  Web-content  file 
transfers  to  post  your  information  on  your 
Web  site.  If  you  prefer  not  to  use  the  pub¬ 
lic-access  FTP  directory,  you  can  choose 
the  directory  to  hold  the  Web  server  files. 
You  also  can  host  multiple  Web  servers 
on  the  Taurus  (which  makes  it  more  com¬ 
plex  to  set  up),  so  if  Joe’s  Hardware 
expands  to  include  Joe’s  Lumber,  each 
could  have  its  own  Web  site. 

The  e-mail  server  can  be  set  up  just  as 
quickly  (one  click  to  start  the  server) 
and  automatically  integrates  all  users 
created  on  the  system.  Any  POP3  e-mail 
client  can  access  the  mail  server,  and 
Procom  includes  an  excellent  Web- 
based  mail  client  with  an  extensive  man¬ 
ual  for  explanation. 

An  antenna  to  extend  your  wireless  range 
is  included  with  the  802.11b  wireless 
access  card  (PC  Card). The  antenna  helps, 
and  using  a  PC  Card  plug-in  for  wireless 
will  make  it  easy  for  Procom  to  upgrade  to 
802.1  la  or  802.1  lg  in  the  future. 

Procom  doesn’t  sell  direct  and  doesn’t 
list  e-commerce  buying  options.  It  has  a 
reseller-based  distribution  plan,  which 
seems  contradictory  to  making  the  Taurus 
so  easy  to  set  up  and  administer,  but  the 
company  is  relying  on  the  dealer  network 
that  sells  its  other  storage  products. 

With  a  starting  price  of  about  $1,700,  the 
Taurus  system  offers  more  for  about  the 
same  money  as  Novell’s  and  Microsoft’s 
software-only  products.The  Taurus  top-end 
unit,  with  512M  bytes  of  RAM  and  a  250G- 
byte  hard  disk,  sells  for  about  $2,550  and 
will  handle  all  server  functions  for  a  busi¬ 
ness  with  several  hundred  users. 


The  breakdown 

Manageability  25% 

3 

Features  25% 

4 

Ease  of  setup  20% 

5 

Documentation  20% 

4 

Reporting  tools  10% 

3 

TOTAL  SCORE 

3.85 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently  subpar 


The  Taurus  isn’t  the  ultimate  server  appli¬ 
ance,  but  it’s  getting  closer.  Lack  of  admin¬ 
istrative  controls  lowers  the  high  ratings 
gained  by  the  easy-setup  LCD  control  win¬ 
dow  and  the  clever  inclusion  of  wireless 
support.  Another  software  upgrade  or  two 
and  this  could  be  a  real  winner.  S3 


Taurus  server 


OVERALL  RATING 

3.85 


Company:  Procom,  (949)852-1000, 
www.procom.com  Cost:  About  $1,700  to 
$2,550.  Pros:  Easy  installation;  front-panel 
LCD  for  installation,  status  readouts  and 
management;  companion 
CD  with  Eudora  e-mail 
client  and  FTP  client 
software;  Web,  e-mail, 
file  and  print  servers. 
Cons:  Management  split 
between  server  LCD  and 
Web  administration 
pages;  too  little  man¬ 
agement  detail  over 
server  and  operating 
system;  only  available 
through  resellers. 


Takes 

■  Hughes  Network  Systems 

recently  announced  a  satellite-based 
Wi-Fi  offering  designed  for  the 
Winnebago  set.  The  service,  which 
Hughes  will  offer  through  wireless 
ISPs  partners,  will  use  Hughes' 
Direcway  broadband  satellite  ser¬ 
vice,  which  provides  nationwide  cov¬ 
erage.  Hughes  recently  completed  a 


pilot  of  the  service,  which  is  available  in 
several  recreational  vehicle  parks  in 
Southern  California.  Although  a  niche 
offering,  the  RV  market  is  growing  and 
today  accounts  for  one  in  12  vehicles, 
according  to  a  University  of  Michigan 
study.  Many  motor  homes  are  owned  by 
retired  baby  boomers  who  are  demand¬ 
ing  Internet  services  while  on  the  road, 
Hughes  says.  Pricing  for  the  service  is 
not  available,  www.hns.com 


announced  support  for  IBM  Lotus 
Instant  Messaging  Everyplace  3.  This 
gives  BlackBerry  users  instant  message 
features  such  as  presence  awareness, 
chat,  and  messaging  between  desktop 
and  mobile  users.  The  software  is  avail¬ 
able  through  Lotus  resellers,  www. 
lotus.com 

■  Smarthome,  a  home-automation  pro¬ 
ducts  vendor,  recently  announced  a  ser¬ 
vice  that  lets  users  view  and  monitor  their 
homes,  and  control  home  electronics 


such  as  lighting,  thermostats,  home 
entertainment  systems  and  appliances. 
The  service  also  sends  alerts  from 
mot  ion -detect  ion  and  other  monitoring 
services  to  a  user’s  PC,  PDA  or  cell 
phone.  The  PC-based  service  comes  in 
two  versions.  SmarthomeLive  includes 
video  monitoring  and  remote  control  or 
devices,  and  image  archiving.  Smart¬ 
homeLive  Action  doesn't  include  video 
camera  monitoring.  The  services  cost  $  10 
and  $8  per  month,  respectively.  Required 
hardware  kits  cost  $300  and  $250 


■  Research  in  Motion  recently 


API  eases  network  processing  integration 


HOW  IT  WORKS 


NPF  IPv4  Unicast  Forwarding  Sendees  APIs 
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Control  plane  software  uses  NPF’s  API  to  manage 
IPv4  forwarding  plane  functions  in  network  devices. 
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O  Open  Shortest  Path  First  (OSPF)  routing  update  arrives  at  network  processing  element  (NPE). 

©  NPE  delivers  update  to  OSPF  routing  protocol  stack  in  the  control  plane. 

©  Route  table  manager  (RTM)  gathers  information  from  OSPF  routing  protocol  stack  and  builds  routing 
information  base  (RIB)  Table. 

©  RTM  calls  the  IPv4  Unicast  Forwarding  APIs  to  download  the  forwarding  information. 

©  One  or  more  messages  are  sent  from  the  APIs’  implementation  to  one  or  more  NPEs  to  populate 
the  forwarding  information  base  (FIB)  in  each  NPE. 


■  BY  PHILIPPE  DAMON  AND  BERNIE  KEANY 

Network  processors  let  network  equip¬ 
ment  vendors  develop  gear  that  customers 
easily  can  upgrade  to  tap  new  applications 
and  protocols.  However,  a  lack  of  hardware 
interface  standards  and  software  APIs  has 
kept  vendors  from  adopting  network 
processor  technologies. 

The  Network  Processing  Forum  (NPF) 
was  launched  in  2001  to  solve  the  prob¬ 
lem  by  establishing  a  common  and  open 
set  of  network  processing  hardware  and 
software  interface  specifications,  along 
with  a  well-defined  set  of  objective  per¬ 
formance  benchmarks. 

Earlier  this  year,  the  group  released  the 
NPF  IPv4  Unicast  Forwarding  Services  API 
Implementation  Agreement.  This  specifica¬ 
tion  details  a  set  of  open,  implementation- 
neutral  APIs  that  control-plane  software  can 
use  to  manage  IPv4  forwarding  plane  func¬ 
tions  in  network-processing  elements. 

The  forwarding  plane  forwards  packets  at 
line  rates.  The  control  plane  controls  and 
modies  the  behavior  of  forwarding  plane 
components.  It  processes  changes  and 
updates  received  from  network  routing 
protocols  such  as  Open  Shortest  Path  First 
and  Border  Gateway  Protocol. 

Using  common  APIs  lets  independent 
software  and  network  processor  vendors 
develop  complete  IPv4  forwarding  solu¬ 
tions  for  network  processing  elements, 
which  are  unique  combinations  of  hard¬ 
ware  and  software.  It  also  simplifies  the  dif¬ 
ficult  task  manufacturers  face  in  migrating 
their  existing  control-plane  software  to  net¬ 
work-processor-based  systems. 

In  the  case  of  a  multi-protocol  router, con¬ 
trol  plane  elements  use  an  application 
called  a  route  table  manager  (RTM)  to  cre¬ 


ate  and  maintain  an  accurate  routing  infor¬ 
mation  base  (RIB)  table  that  contains  all 
known  network-layer  connectivity  informa¬ 
tion.  An  RTM  uses  an  RIB  to  generate  an 
appropriate  subset  of  mapped  IP  destina¬ 
tion  addresses  to  next  hops, routing  metrics 
and  other  data  that  is  downloaded  to  the 
forwarding  plane  elements  using  the  NPF 
IPv4  services  APIs.  The  forwarding  plane 
elements  store  the  data  in  a  forwarding 
information  base  (FIB)  table  as  described 
in  RFC  1812. 

Before  the  NPF  IPv4  Unicast  Forwarding 


Services  API  was  available,  the  APIs  that 
facilitated  communications  between 
control  plane  elements  and  forwarding 
plane  elements  were  proprietary.  Silicon 
manufacturers  had  to  establish  relation¬ 
ships  with  individual  network  stack  ven¬ 
dors  to  create  appropriate  interfaces.  As 
the  number  of  network  protocols,  hard¬ 
ware  vendors  and  software  vendors  grew, 
the  software  libraries  needed  to  maintain 
these  interfaces  became  costly  and  un¬ 
wieldy.  The  IPv4  Services  API  Implemen¬ 
tation  Agreement  establishes  standard 


APIs  so  all  these  components  can  inter¬ 
operate  easily. 

The  NPF  IFV4  Unicast  Forwarding  Service 
API  Implementation  Agreement  optimizes 
on  a  range  of  network  platforms,  including 
everything  from  enterprise-class  switches 
and  routers  to  carrier-class  core  IP  routers. 

This  flexibility  is  enabled  by  two  distinct 
modes  of  organizing  and  manipulating  the 
IPv4  unicast  forwarding  information  stored 
in  FIB  tables.  The  unified  mode,  or  single 
FIB  table  implementation,  is  most  appro¬ 
priate  for  network  designs  in  which  plat¬ 
form  memory  and  cost  are  critical  consid¬ 
erations,  such  as  a  departmental  router.The 
discrete  mode,  or  multiple  table  imple¬ 
mentation,  supports  multiple  disaggregat¬ 
ed  FIB  tables,  enabling  the  reduction  of 
processing  overhead.This  is  critical  in  core 
router  implementations  with  dense  high- 
end  platforms  that  have  hundreds  or  thou¬ 
sands  of  interfaces. 

The  IFV4  Service  API  Implementation 
Agreement  is  the  first  in  a  series  of  APIs  to 
be  established  by  the  NPF  APIs  for  Multi¬ 
protocol  Lable  Switching,  Differentiated 
Services,  IPv6  and  other  network  services 
should  follow  quickly 

Broad  adoption  of  these  services  APIs 
will  let  network  device  vendors  select  the 
components  that  best  meet  their  require¬ 
ments  and  avoid  redesigning  their  systems 
when  choosing  new  network  processing 
hardware  and  software. 

Damon  is  chief  software  engineer  for 
network  processing  and  Keany  is  net¬ 
work  processing  software  architect  at 
Intel.  Both  are  software  task  group  chairs 
of  the  NPF  They  can  be  reached  at 
damon@fr.ibm.com  and  bernie.keany@ 
intel.com,  respectively. 


Dr.  Internet  By  Steve  Blass 

Windows  machines  in  our  network  started  acting 
strangely  two  weeks  ago.  Windows  XP  machines 
have  rebooted  repeatedly,  file  sharing  doesn't 
work,  and  Word  complains  about  Office  Assistant 
being  installed  improperly.  When  we  try  to  go  to 
the  Windows  Update  site,  we  get  a  blank  page.  Is 
this  related  to  the  Remote  Procedure  Call  security 
advisory  Microsoft  recently  released? 

You  might  be  the  victim  of  attacks  based  on  the 
recently  announced  Microsoft  RPC  buffer  over¬ 


flow  problem.  Installing  the  patch  provided  in  the 
MS03-026  security  bulletin  (details  at  www.nw 
fusion.com,  DocFinder:  7231)  could  give  you  access 
to  the  Windows  Update  page,  so  the  rest  of  your 
critical  updates  can  be  installed. 

The  worms  based  on  this  Distributed  Component 
Object  Model  exploit  install  root  kits  that  download 
additional  attack  software,  so  the  only  secure  re¬ 
sponse  is  to  reinstall  everything  from  clean  media 
after  reformatting  the  hard  drive,  and  then  patch 
the  system  before  reconnecting  it  to  the  network. 


Because  few  will  do  this,  you  should  patch  Win¬ 
dows  systems  before  they  are  compromised.  Re¬ 
cent  antivirus  software  updates  will  identify  and 
clean  out  some  worm  variants.  Perimeter  firewalls 
protect  most  business  networks,  but  home  and 
academic  environments  that  do  not  block  Windows 
networking  ports  from  the  Internet  are  vulnerable. 

Blass  is  a  network  architect  at  Change@Work 
in  Houston.  He  can  be  reached  at  dr.  internet 
@changeatwork.  com. 
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Storage  appliances  and  the  latest  on  RAID 


As  we’ve  been  talking  about  Server 
Message  Block  support,  this  week  is  a 
good  time  to  discuss  storage  appli¬ 
ances  that  offer  this  service.  The  advantage 
that  these  devices  provide  is  the  ability  to 
add  storage  to  your  network  painlessly  and 
cost-effectively 

Our  poster  child  for  this  class  of  devices 
will  be  the  Snap  Server  2200  from  Snap 
Appliance  (www.nwfusion.com,  Doc- 
Finder:  7234). Snap  makes  a  range  of  these 
network-attached  storage  devices  de¬ 
signed  for  workgroup,  departmental  or 
enterprise  use  (we  were  going  to  use  the 
“d”  word  —  deployment  —  but  thought 
better  of  it). 

The  differences  between  these  cate¬ 
gories  are  storage  capacity  —  80G  bytes 
is  the  low  end  and  2.16  terabytes  in  a 
single  box  is  the  high  end  —  and  fea¬ 
tures  such  as  which  RAID  levels  are  sup¬ 
ported,  bundled  utilities  and  form  factor 
(desktop  for  the  low  end  and  rack 
mount  for  the  high  end). 


So  this  leads  us  to  a  quick  diversion  on 
RAID,  which  stands  for  Redundant  Array  of 
Inexpensive  Disks.  Note  that  some  people 
claim  that  RAID  stands  for  “Redundant 
Array  of  Independent  Disks,”  but  not  so. 
Now  you  have  a  fine  trivia  card  to  pull  out 
when  the  occasion  arises. 

The  idea  of  RAID  is,  at  least  at  first  blush, 
pretty  simple:  You  take  several  low-cost  dri¬ 
ves  and  write  your  data  across  them  in 
such  a  manner  that  if  (heaven  forfend)  a 
drive  goes  bad  (such  as  a  data  error,  a  head 
crash  or  the  entire  drive  being  sucked  into 
a  wandering  wormhole  and  spat  out  in  an 
alternate  universe  where  data  recovery  is 
unlikely), you  have  a  back-up  copy 

Yep,  simple  in  theory  and  anything 
from  fairly  simple  to  fiendishly  cunning 
in  practice.  First, you  have  RAID  0,  which 
is  useless  in  terms  of  providing  redun¬ 
dancy  but  has  its  own  performance 
benefits. 

RAID  0  distributes  the  blocks  of  each  file 
across  multiple  disk  drives  (this  is  called 
striping),  which  significantly  improves  per¬ 
formance  by  letting  reads  be  split  across 
the  duplicated  drives.Th us,  while  one  drive 
is  performing  one  I/O  request  the  other  is 
handling  a  different  request.  Level  0  is  the 
fastest  and  most-efficient  RAID  type  but 
has  no  fault-tolerance. 


The  next  level,  RAID  1,  provides  disk 
mirroring.  This  keeps  two  disk  drives  syn¬ 
chronized  so  that  if  the  primary  drive  fails 
you  have  a  real-time  duplicate.  RAID  1  is 
used  for  high-performance,  fault-tolerant 
environments. 

RAID  2  is  for  disk  drives  that  do  not  have 
built-in  error  detection.  As  all  SCSI  drives 
have  built-in  error  detection  and  as  RAID 
systems  usually  use  SCSI  drives,  RAID  2  is 
not  generally  used. 

RAID  3  is  the  same  as  RAID  0  but  stripes 
the  data  across  multiple  drives  at  the  byte 
level  and  has  a  single  dedicated  disk 
drive  that  stores  error-correction  data. 
This  level  delivers  good  performance, 
and  can  detect  and  correct  data  errors 
that  a  drive’s  built-in  error  correction 
can’t  handle.  RAID  3  requires  drive  con¬ 
trollers  that  provide  hardware  support  for 
byte  striping. 

RAID  3  is  better  suited  to  environments  in 
which  access  to  large  sequential  records  is 
the  norm,  but  it  doesn’t  let  multiple  reads 
and  writes  be  overlapped.  It  also  requires 
special  drives  (called  synchronized-spin- 
dle  drives)  to  avoid  performance  degrada¬ 
tion  with  small  records. 

RAID  4  is  the  same  as  RAID  3  but  with 
block-level  rather  than  byte-level  striping. 
RAID  4  is 


not  used  as  it  offers  no  advantages  over 
RAID  5. 

The  highest  level,  RAID  5,  uses  block-level 
data  striping  across  multiple  drives  and 
error  correction  also  across  multiple  dri¬ 
ves.  This  is  considered  the  best  choice  for 
multi-user  environments  in  which  writes 
are  less  common  than  reads. 

The  Snap  Server  2200  can  be  configured 
to  use  RAID  1  (mirroring),  RAID  0  (strip¬ 
ing)  or  Just  a  Bunch  Of  Disks  (JBOD). 
Actually  JBOD  is  not  RAID  at  all  but  “disk 
spanning,"  which  makes  the  drives  look 
like  a  single  huge  drive  —  great  for  capac¬ 
ity,  but  like  RAID  0,  no  redundancy.  On  the 
other  hand,  JBOD  is  better  than  RAID  0 
because  a  disk  failure  under  RAID  0 
makes  it  really  hard  to  recover  data  —  it  is 
striped  across  the  drives.  Under  JBOD  the 
blocks  that  make  up  files  will  be  easier  to 
find  and  reconstruct. 

Next  week,  we  get  the  Snap  Sewer  2200 
running.  Upload  your  data  to  gearhead 
@gibbs.com. 
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T-Mobile  launches  color- 
screen  BlackBerry 

T-Mobile  and  Research  in 
Motion  last  week  announced 
availability  of  the  tri-band 
BlackBerry  7230  device, which 
has  a  color  screen  and  works 
on  T-Mobile’s  GSM/  General 
Packet  Radio  Service  network. 

The  7230  costs  $400,  plus  $30 
per  month  for  wireless  e-mail 
service  (for  existing  voice 
T-Mobile  customers),  the  com¬ 
panies  say. 

The  7230  includes  access  to 
up  to  10  corporate  or  personal 

e-mail  accounts  and  Short  Message  Service  functionality 
The  phone  includes  call  waiting,  conference  calling  and 
call  forwarding.  The  device  can  be  held  up  to  the  ear  like 
a  standard  mobile  phone,  or  users  can  attach  the  hands¬ 
free  headset.  It  also  features  a  calendar,  address  book, 
memo  pad  and  task  applications  that  can  be  synchronized 
with  a  PC. 

The  handheld  works  on  the  900-,  1800-  and  1900-MHz 
GSM/GPRS  networks,  which  means  customers  can  use  the 
same  phone  number  around  the  world  as  the  result  of 
T-Mobile’s  international  roaming  agreements,  the  company 
says.  For  more  information  on  the  new  7230,  go  to 


www.nwfusion.com,  DocFmder:  7235. 

Take  photos  with  your  iPaq 

HP  announced  last  week  an  attach¬ 
ment  to  its  iPaq  line  of  PDAs  that  will  let 
users  take  digital  images  with 
their  devices.  The  HP  Photo¬ 
smart  Mobile  Camera  is  an  iPaq 
attachment  that  lets  you  take  pic¬ 
tures  and  send  them  to  a 
Bluetooth-enabled  printer. 

The  device  is  a  1.3-megapixel 
camera  that  features  a  4X  digital 
zoom  and  a  180-degree  rotating 
lens,  and  weighs  only  1.1 
ounces.lt  uses  the  Secure  Digital 
I/O  interface  to  attach  to  an  iPaq 
(the  PDA  must  have  SDIO  capa¬ 
bilities).  The  device  also  has 


Subscribe  to  ourtree  newsletter. 
DocFinder:  5434  www.nwfusion.com 


HP's  new  camera  for  PDAs 
lets  you  send  pictures  to  a 
Bluetooth  printer. 


The  BlackBerry  7230  includes 
access  to  10  e-mail  accounts. 


automatic  settings  that  adjust  the  light  levels,  shut¬ 
ter  speeds  and  exposure  time  of  the  camera.  The 
attachment  also  includes  digital-video-capture 
capabilities,  including  adding  an  audio  message  to 
the  images. 

Pricing  has  not  been  announced,  and  the 
device  is  expected  to  be  available  in  October. 


Get  21  inches  for  the  price  of  19 

No,  this  isn’t  the  subject  header  on  the  lat¬ 
est  spam  e-mail,  it’s  the  pitch  from  NEC- 
Mitsubishi  on  its  latest  flat-panel  LCD  mon¬ 
itor.  The  new  NEC  MultiSync  LCD1960NX 
monitor  includes  screen-enhancing  tech¬ 
nology  that  provides  a  viewing  area  com¬ 
parable  to  that  of  a  21-inch  CRT  monitor, 
the  company  says. 

The  $749  monitor  includes  features  such 
as  250  cd/m  of  brightness,  a  600: 1  contrast 


ratio  and  a  maximum  resolution  of  1,280  by 
1,024  pixels.lt  also  includes  a  height-adjustable 
stand  to  better  fit  the  viewing  angle  of  users, 
NEC-Mitsubishi  says.  It  also  supports  NEC’s 
NaviSet  software,  which  lets  users  and  admin¬ 
istrators  adjust  display  settings  with  a  mouse 
and  keyboard  instead  of  using  the  buttons  on 
the  monitor. 

HP  launches  17-inch  widescreen  notebook 

HP  also  last  week  launched  a  17-inch 
widescreen  notebook,  joining  other  compa¬ 
nies  in  the  market  with  widescreen  offerings 
(including  Apple,  Dell  and  Gateway).  This  is 
HP’s  second  foray  into  widescreen  note¬ 
books,  as  it  recently  launched  a  15.4-inch  ver¬ 
sion  in  June  (the  Presario  XI 000). 

The  HP  Pavilion  zd7000  includes  a  17-inch 
display  with  a  16:10  aspect  ratio  and  WXGA+ 
resolution  (1,440  by  900  pixels).  It  also  includes  an  NVIDIA 
GeForce  FX  Go5600  graphics  processor  and  built-in 
Harman  Kardon  speakers,  HP  says. 

The  notebook  has  an  Intel  Pentium  4  processor  with 
speeds  up  to  3.2  GHz;  integrated  802. 1  lg  wireless  LAN  con¬ 
nectivity;  and  support  for  Secure  Digital,  MultiMedia, 
Memory  Stick,  Memory  Stick  Pro  and  SmartMedia  cards.  An 
IEEE  1394  (Firewire)  port  and  four  USB  2.0  ports  are  avail¬ 
able  for  peripheral  expansion.  The 
zd7000  has  a  thin  design  (1.8  inches 
thick),  but  weighs  about  9.3  pounds. 
The  zd7000  is  priced  starting  at  about 
$1,500,  and  will  be  available  later  this 
month  on  HP’s  Web  site. 

Shaw  can  be  reached  at  kshaw@ 
nww.com. 

The  HP  Pavilion  zd7000  has  a  16:10  as¬ 
pect  ratio  and  1,440-by-900  resolution. 
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10G:  Worth 
your  attention 

Dismissing  10G  Ethernet  for  the  enterprise  comes 
easily  to  many  industry  watchers.“That’s  just  too 
much  bandwidth  for  your  average  user  organiza¬ 
tion,"  they  typically  scoff. “Trulyf  they  say,“10G  belongs  in 
the  carrier  domain.”  Even  the  network  engineer  I  asked  to 
write  a  story  about  10G  switches  for  the  enterprise  argued 
that  point  at  first. The  gist  of  his  argument:  All  the  action  is 
in  the  public  network. 

Maybe,  maybe  not.  10G  Ethernet  is  a  huge  amount  of 
bandwidth,  and  carriers  with  their  chunky  cross-country 
and  metropolitan-area  routes  have  good  reason  to  grab  up 
10G  switches.  For  them,  10G  makes  for  a  reasonable,  in¬ 
creasingly  cost-effective  alternative  to  traditional  WAN  tech¬ 
nologies  such  as  packet  over  SONET  and  ATM. 

But  a  growing  number  of  enterprise  users  are  finding  10G 
a  compelling  story,  too. 

Today,  10G,  maturing  nicely  since  stamped  with  the  IEEE’s 
approval  in  mid  2001 ,  is  worth  everybody’s  attention.The 
reasons  are  piling  up, as  we  explore  in  our  special  “10G: 

Big,  bad  bandwidth”  coverage  beginning  after  page  26. 

For  starters,  1G  oftentimes  isn’t  quite  enough  anymore  for 
many  corporations.The  10G  version  of  the  technology  is 
proving  useful  on  high-volume  storage-area  networks  and 
back-up  segments,  within  data  centers  heavy  with  1G- 
based  switching  and  routing  cores,  and  for  carrying  band¬ 
width-intense  applications  such  as  IP  telephony  and  real¬ 
time  audio  and  video  multicasting. 

And  then  comes  the  basic  maturation  of  a  technology 
that  pushes  it  from  the  “needs  to  be  watched”  to  the  “needs 
to  be  sampled”  stage.  In  this  case,  technology  refinements 
and  cost  reductions  are  coming  together  to  make  10G,at 
least  in  trial  mode,  a  palatable  decision. 


Not  cost-effective 

Regarding  “BellSouth  lowers  DSL  pricing”  (www.nw 
fusion.com,  DocFinder:  7223):  To  do  an  adequate 
cost  comparison, you  should  ratio  the  upload/down¬ 
load  speeds  to  the  monthly  cost.  That  way,  you  have 
a  dollars/speed  ratio  for  comparison  purposes. 
Losing  three-quarters  of  your  download  speed  for  a 
reduction  in  monthly  payment  of  $10  might  not  be 
that  cost-effective  or  worth  the  speed  loss. 

Frank  Cicchetto 
Consultant 
MacFAC.com 
Reston,Va. 

Filter  factors 

After  reading  “Filters  on  routers:  The  price  of  perfor¬ 
mance”  (DocFinder:  7224),  I  was  a  bit  perplexed 
because  I  have  never  run  into  any  problems  with 
Cisco  routers  and  access  lists.  My  company  uses  all 
manner  of  Cisco  access  routers  in  our  network,  from 
1600s  to  3700s,  depending  on  circuit  size.  1  was 
shocked  by  your  report  that  the  2651  couldn’t  keep 
up  with  even  a  single  T-l  when  access  control  lists 
(ACL)  were  applied.  We  don’t  have  any  of  these 
routers  in  our  network,  but  because  the  2651  is  a  sig¬ 
nificant  improvement  over  the  2621, 1  figured  the 
performance  should  be  better. 

It’s  a  good  thing  you  made  the  2651  configura¬ 
tions  available.  After  looking  at  them,  it  seems  that 
the  tester  had  an  ax  to  grind  with  Cisco.  Who  turns 
on  logging  for  every  line  in  a  256-line  ACL?  You 
also  failed  to  turn  off  console  logging  with  the  sim¬ 
ple  command  “no  logging  console.”  Because  you 
also  did  not  enable  Cisco  Express  Forwarding 
(CEF)  switching,  every  packet  being  checked 
against  the  ACL  will  be  fast  or  process-switched, 
and  every  log  message  sent  to  console  will  cause 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  lor  veriPication. 


a  processor  interrupt. 

You’ll  no  doubt  respond  by  saying  that  if  Cisco  had 
chosen  to  participate,  it  could  have  selected  a  more 
appropriate  platform  and  configuration.  If  your  edi¬ 
torial  policy  is  that  vendors  must  cooperate  to  get  a 
fair  shake,  I  would  suggest  leaving  out  vendors  that 
decline  your  requests  instead  of  bashing  them  in 
your  review. 

I  also  would  point  out  another  major  difference 
between  Cisco  and  the  other  vendors,  which  might 
have  helped  in  your  review.  Cisco’s  Web  site  contains 
the  entire  body  of  knowledge  with  regards  to  con¬ 
figuring,  optimizing  and  troubleshooting  their  prod¬ 
ucts.  If  you  had  been  a  real-world  user,  you  could 
have  started  at  www.cisco.com  and  found  out  how 
the  performance  issues  you  experienced  were  not  a 
result  of  “aging  hardware,”  but  your  own  configura¬ 
tion  choices.  The  same  level  of  support  is  not  avail¬ 
able  to  the  public  for  the  other  vendors’  equipment. 

Ben  Setnick 
Dallas 

Reviews  author  David  Newman  replies:  We  tested 
all  routers  with  logging  enabled.  Further,  Cisco  saw 
and  signed  off  on  configurations  and  test  results 
before  publication.  While  we  certainly  have  no  ax  to 
grind  with  any  vendor,  the  results  of  this  test  suggest 
some  products  handle  filtering  and  togging  with  no 
performance  hit  and  others  don ’t. 

Originally  the  test  plan  called  for  a  separate  set 
using  filter-acceleration  methods.  In  Cisco's  case, 
mechanisms  such  as  CEF  and  Turbo  ACLs  might  have 
improved  performance.  However,  none  of  the  other 
devices  tested  needed  acceleration  methods,  so  we 
dropped  this  test  event. 

1  respectfully  disagree  that  tests  should  only  include 
products  from  participating  vendors.  Our  allegiance 
lies  with  end  users,  not  the  marketing  departments  of 
equipment  makers.  If  a  commonly  used  product 
encounters  performance  problems,  this  information  is 
of  interest  to  enterprise  network  professionals. 


Take  just  one  vendor,  Extreme  Networks,  as  an  example. 
The  company  is  working  out  the  flakiness  in  its  initial  “get 
to  market  fast”  10G  blades,  alleviating  the  throughput  prob¬ 
lems  that  limited  interconnections  to  4G  bit/sec,  and  the 
latency  and  jitter  errors  that  botched  transmissions.  Its 
Mariner  switch, set  for  release  by  year-end,  will  provide  six- 
port  10G  blades  at  $8,000  apiece. 

Finally, service  providers  are  talking  about  edging  into  the 
10G  enterprise  action.  For  example,  AT&T  has  talked  about 
developing  10G  metropolitan-area  network  (MAN)  services 
that  would  find  their  way  to  the  table  in  another  year  or  so. 
The  potential  there  is  grand,  as  the  enterprise  LAN  merges 
seamlessly  with  the  MAN  and  then  even  the  WAN. 

Gartner  expects  to  see  a  big  boost  in  10G  pickup  begin¬ 
ning  next  year.  It  forecasts  that  10G  volumes  will  begin  at 
least  triplii  ig  year  over  year,  from  5,000  ports  sold  next  year  to 
185,00()  in  2007,  with  the  average  per-port  pricing  dropping 

to  at  Hint  $7,700.  Now  those  figures  are  nothing  to  snigger  at. 

—  Beth  Schultz 
Editor, Signature  Series 
bschultz@nww.  com 
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STRATEGY  SESSION 

Jeff  Kaplan 

Many  in  the  industry  see  the  Oracle- 
BeopleSoft  tug  of  war  as  a  clear  indi¬ 
cation  of  the  inevitable  maturation 
and  consolidation  of  the  enterprise  software 
industry.  However,  there  is  another  interpreta¬ 
tion  of  the  real  meaning  of  this  intramural  dis¬ 
pute.  As  the  features  and  functions  of  today’s 
enterprise  applications  become  less  differentiated,  a  greater  emphasis 
is  placed  on  the  way  these  applications  are  delivered  and  managed.  It 
is  this  fundamental  shift  that  is  rekindling  the  fortunes  of  a  nearly  ex¬ 
tinct  species  of  suppliers:  application  service  providers. 

Enterprise  applications  ranging  from  CRM  to  supply-chain  manage 
ment  (SCM)  emerged  as  essential  tools  for  corporate  re-engineering  in 
the  1990s.  But  it  didn’t  take  long  for  companies  to  become  frustrated 
attempting  to  implement,  integrate  and  maintain  enterprise  applica¬ 
tions.  Gartner  estimates  it  now  costs  five  to  10  times  as  much  as  original 
licensing  fees  to  implement  enterprise  software.  Given  the  hidden 
costs,  many  companies  aren’t  getting  the  ROl  they  expected  from  these 
applications  and  are  looking  for  alternatives. 

Enter  the  ASPs.  Like  many  artifacts  of  the  Internet  craze,  ASPs  failed  to 
meet  customers’  original  expectations  and  saw  their  fortunes  fade.  But 
now  they  are  attempting  to  capitalize  on  customers’  growing  frustra¬ 
tions  with  traditional  application  acquisition  models  and  willingness  to 
outsource  any  corporate  function  that  others  can  manage  more  eco¬ 
nomically.  ASPs  not  only  are  offering  a  variety  of  software  subscription 
services,  they  are  expanding  into  business  process  outsourcing  and 
utility  computing  services  to  satisfy  customers’  needs  for  new  business 


ASPs  prepare  to  make  comeback 


solutions  with  more-flexible  pricing  methods. 

Yet,  even  as  ASPs  gain  momentum,  they  are  facing  another  round  of 
competitive  pressures.  New  “net-native”  ASPs,  such  as  Salesforce.com 
and  NetLedger,  are  selling  low-cost  CRM  and  financial  applications 
built  to  be  delivered  via  the  Web. Traditional  outsourcers  and  telecom 
carriers  are  offering  an  expanding  array  of  hosting  services.  And  even 
the  independent  software  vendors  (ISV)  are  aggressively  expanding 
their  application  hosting  and  management  service  capabilities. 

If  you  are  considering  outsourcing,  ask  yourself  these  questions: 

•  Which  applications  are  most  difficult  for  you  to  implement,  main¬ 
tain  and  manage? 

•  Is  there  anything  truly  proprietary  about  these  applications  that  pre¬ 
vents  you  from  using  an  outside  service  provider  to  host  and  manage 
them?  If  not,  what  type  of  skills  are  most  important  for  you? 

•  Do  you  need  to  turn  to  an  ISV  hosting  and  management  service  that 
has  in-depth  expertise  and  experience  in  its  own  software  applications? 
Or  do  you  need  to  integrate  a  variety  of  applications  in  a  fashion  that 
many  of  the  independent  ASPs  can  do  via  their  multi-tenant  services? 
Or  do  you  need  help  managing  both  your  applications  and  hardware 
systems,  as  the  major  outsourcers  do  best? 

It  is  a  good  time  to  look  at  application  outsourcing  alternatives.  By 
clearly  understanding  your  application  management  and  hosting  re¬ 
quirements, you  can  take  advantage  of  the  growing  assortment  of  inde¬ 
pendent  and  ISV-managed  ASP  alternatives. 


Now  they  are 
attempting  to 
capitalize  on  cus¬ 
tomers'  growing 
frustrations  with 
traditional  appli¬ 
cation  acquisi¬ 
tion  models. 


Kaplan  is  managing  director  of  THINKstrategies,  a  consultancy  in 
Wellesley,  Mass.  He  can  be  reached  at  jkaplan@thinkstrategies.com. 


REALITYCHECK 

Thomas  Nolle 

As  MCI  struggles  to  emerge  from  Chapter 
1 1  and  regain  the  confidence  of  its  cus¬ 
tomers,  it  seems  as  if  every  procedural 
business  step  forward  is  followed  by  a  new 
revelation.  The  latest  is  that  MCI  might  have 
accounted  for  inter-carrier  calls  incorrectly 
dodging  payments  to  both  regional  Bell  oper¬ 
ating  companies  and  interexchange  carrier  competitors. Some  press  re¬ 
ports  say  the  total  amount  involved  could  reach  billions  of  dollars. 

We  know  what  to  do  with  individuals  who  break  the  law:  Prosecute 
and  jail  them.  MCI’s  proving  that  we  don’t  quite  know  what  to  do  with 
a  company  that  breaks  the  law.  Companies, after  all, are  not  living  organ¬ 
isms  but  simply  collections  of  employees,  stockholders  and  real  estate. 
Even  if  all  the  charges  levied  against  MCI  are  true,  did  all  the  workers 
know  about  the  foibles?  Probably  not,  so  jailing  the  whole  company 
doesn’t  seem  logical. 

If  we  agree  that  we’re  not  going  to  put  “MCI”  in  jail,  then  what  are  we 
going  to  do?  Some  competitors  have  argued  that  MCI  should  be  liq¬ 
uidated  because  letting  it  resume  operation  cleaned  of  debt  would 
“reward”  it  for  its  misdeeds.  Some  want  hefty  fines  levied.  There’s  a 
range  of  options  that  all  reduce  to  “kill  the  company”  in  some  way  or 
another.So  should  we  kill  MCI  by  liquidating  it?  At  the  very  beginning 
of  this  saga  of  revelations  last  year,  1  thought  we  should  do  just  that. 
Now  it’s  too  late. 

There  are  thousands  of  secretaries, salespeople  and  others  working  at 
MCI  today.The  number  who  might  have  known  about  any  company 
irregularities  is  minuscule.  Forcing  MCI  to  liquidate  will,  perhaps,  hurt  a 
few  of  those  who  were  responsible  and  a  lot  of  everyday  people  who 
did  nothing  wrong.  We  just  agreed  that  we  can’t  jail  them  for  simply  hav¬ 
ing  worked  at  a  company  that  some  want  to  characterize  as  a  criminal 
enterprise.  Can  we  then  count  them  unemployed  for  that  same  sin? 

What  about  the  auditors  and  regulators  who  were  supposed  to  watch 
over  this  whole  process?  What  about  the  business  press  that  reported 


Time  to  end  the  MCI  saga 


on  glowing  growth  during  the  very  period  when  accusers  say  the  com¬ 
pany  was  cheating  on  its  inter-carrier  accounting?  Surely  these  people 
had  at  least  as  much  responsibility  for  the  problems  at  MCI  as  the  aver¬ 
age  MCI  worker  did.  How  does  liquidating  MCI,  or  withdrawing  govern¬ 
ment  contracts  to  effectively  force  a  failure  of  the  company  deal  with 
these  overseers? 

Then  there  are  the  customers.  All  of  MCI’s  detractors/competitors  are 
eager  to  see  them  reapportioned  among  the  survivors  —  including 
them, of  course.  Maybe  this  would  be  healthy  for  the  remaining  players, 
but  it’s  kind  of  hard  on  the  users  of  MCI  services.  How  will  each  of  the 
users, each  of  the  networks.be  transitioned  to  another  carrier?  Imagine 
a  liquidated  MCI,  with  lines  and  switches  bought  at  fire  sale  prices. What 
happens  to  the  traffic  those  elements  carried,  and  how  long  will  it  take 
to  eliminate  the  disruption  in  service  that  this  liquidation  creates?  To 
protect  customers,  we’d  almost  have  to  sell  MCI  intact,  leaving  the  buyer 
to  continue  to  fulfill  customer  contracts. 

And  who  benefits,  then?  If  MCI’s  operation  was,  as  alleged,  created  in 
part  by  criminal  behavior,  do  we  decriminalize  it  by  selling  it  off?  If 
AT&T  or  SBC  or  Verizon  acquires  MCI,  will  they  then  acquire  the  crimi¬ 
nal  and  civil  liability  for  future  disclosures  of  wrongdoing?  The  sur¬ 
vivors  would  acquire  the  same  assets  MCI  now  has.  If  they’re  tainted  for 
MCI,  they’re  tainted  for  everyone  else. You  can’t  launder  companies. 

We’re  at  the  point  where  we’ve  let  the  MCI  deal  play  out  to  the 
very  edge  of  rehabilitation.  We’ve  accepted  the  past  sins  we’ve 
known  about. We  should  accept  this  one,  too. We’ve  come  too  far  — 
but  in  particular  MCI  employees  and  customers  have  come  too  far 
—  to  decide  that  one  more  accusation  will  break  the  back  of  MCI’s 
emergence. 

Continue  to  investigate.  Punish  the  guilty  through  due  process.  Let  the 
innocent  get  back  to  work. 


Forcing  MCI  to 
liquidate  will, 
perhaps,  hurt  a 
few  of  those  who 
were  responsible 
and  a  lot  of 
everyday  people 
who  did  nothing 
wrong. 


Nolle  is  president  of  CIMl,  a  technology  assessment  firm  in  Voorhees, 
N.J.  He  can  be  reached  at  (856)  753-0004  or  tnolle@cimicorp.com. 
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NetWOfkWorld  SOFTWARE-BASED  web  appucation  firewalls 

AppShield  edges  InterDo  in 
battle  of  Port  80  filters 

■  BY  THOMAS  POWELL,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

Traditional  firewalls  —  when  properly  configured  and  managed  —  do  a  good  job  of  thwarting  many  network-level 

attacks,  but  do  little  to  address  gaping  holes  in  Web  applications  where  intruders  commonly  attack  Web  sites  directly 
through  form  submissions  or  URL  manipulations. 


A  new  class  of  products  —  often- 
dubbed  Web  application  firewalls  — 
attempt  to  thwart  Port  80  focused 
attacks  by  using  blacklist-  and  whitelist- 
style  input  filtering.  We  examined  six 
software-based  offerings:  eEye  Digital 
Security’s  SecurellS,  KaVaDo’s  InterDo, 
MultiNet’s  iSecureWeb,  Sanctum’s 
AppShield,  Turillion  Software’s  eServer 
Secure  and  webScurity’s  webApp. 
secure.  We  tested  all  the  products  on 
Microsoft’s  Internet  Information 
Services  (IIS)  but  most  also  work  with 
Linux  and  Apache.  A  future  review  will 
cover  hardware-based  products. 

InterDo  and  AppShield  stood  above 
the  rest  in  terms  of  ability  to  defend 
against  attacks  and  suitability  for  large- 
scale  Web  site  deployments.  While  ex¬ 
treme  flexibility  is  the  key  to  InterDo, 
the  dynamic  policy  generation  and 
strong  default  configuration  of  App¬ 
Shield  gave  it  a  slight  edge  in  our  evalu¬ 
ation  and  earned  it  our  World  Class 
award. 

Common  attack  methods 
come  into  play 

To  understand  Web  application  fire¬ 
walls  you  have  to  understand  what  they 
attempt  to  defend  against.  The  most 
basic  application  attacks  modify  an 
HTTP  request  to  cause  a  problem  on 
the  server  or  force  it  to  divulge  useful 
information.  Generic  attacks  might  use 
long  URLs  to  trigger  buffer  overruns, 
attempt  to  traverse  the  site’s  root  direc¬ 
tory  to  run  trusted  commands,  or 
exploit  extended  HTTP  features  to  sup¬ 
port  online  collaboration  using 
WebDAV.  WebDAV  (Web-based  Distrib¬ 
uted  Authoring  and  Versioning)  is  an 
extension  of  HTTP  that  lets  users  col¬ 
laborate  via  the  Internet. 

More  sophisticated  attacks  rely  on 
knowledge  of  how  the  Web  application 
works.  In  database-driven  sites  using 
dirty  URLs  like  http://www.sitename. 
com/app.  asp?id=5,  SQL  commands 
might  be  appended  to  the  URL  in  an 
attempt  to  dump  useful  data  or  gain 
write  access  to  the  back-end  database. 
F  ;  ms  also  might  be  open  for  SQL  injec¬ 
tion.  and  tampering  with  hidden  data 


fields  and  manipulation  of  maximum 
data  size  limitations,  which  can  lead  to 
buffer-overrun  problems.  Given  the  mul¬ 
titude  of  possible  attack  methods,  any 
data  from  the  user  —  be  it  a  simple 
HTTP  request,  URL  or  form  submission 
—  should  not  be  trusted  implicitly. 

Divergent  defensive  strategies 

To  combat  potential  exploits,  a  Web 
application  firewall  will  take  one  of  two 
approaches.  A  negative  model  or  black¬ 
list  product  looks  for  common  attack 
signatures  and  warns  the  administrator 
or  blocks  the  user  when  it  encounters 
one.  A  positive-model  or  whitelist  fire 
wail  determines  all  the  allowable  re¬ 
quests,  and  inputs  and  disallows  every¬ 
thing  else.  Some  products  try  to  blend 
the  two  approaches,  but,  essentially,  all 
the  products  tested  emphasize  either  a 
positive  or  negative  model. 

A  few  of  the  products  also  addressed 
common  Web  server  information  leak¬ 
age  issues  such  as  masking  server  head¬ 
ers  or  sending  back  generic  or  config¬ 
urable  error  pages.  It  was  disconcerting, 
however,  to  see  how  easy  it  was  to  iden¬ 
tify  some  of  the  application  firewall 
products  via  hard-coded  error  pages  or 
telltales  (some  signature  response  that 
is  different  enough  for  the  intruder  to 
know  what  kind  of  tool  is  in  play)  in 
response  headers.  Trying  to  improve 
security  simply  by  obscuring  potentially 
dangerous  information  is  not  true  secu¬ 
rity.  Such  blatant  information  leakage 
seems  foolish  in  a  security  product  and 
fails  to  address  the  well-known  fact  that 
reconnaissance  is  a  key  part  of  success¬ 
ful  intrusion  strategies. 

These  tested  products  spread  an  obvi¬ 
ous  spectrum  of  cost  vs.  functionality. 
Those  employing  the  positive  model 
generally  are  more  expensive  and 
sophisticated  than  the  products  that 
use  the  negative-model  approach  (see 
pricing  in  NetResults  box,  page  49). 
Another  key  cost  factor  is  the  underly¬ 
ing  architecture.  EServer  Secure 
appears  intended  for  single-server 
implementations,  while  AppShield, 
InterDo  and  webApp.secure  serve  more 
as  proxies,  capable  of  protecting  multi¬ 


ple  servers.  Higher-end  products 
AppShield  and  InterDo  also  possess 
remote-management  capabilities  and 
distributed  architectures,  features 
designed  with  server  farm  deployments 
in  mind. 


Sanctum’s  AppShield  edged  out  the  compe¬ 
tition  as  our  World  Class  award  winner 
because  of  its  dynamic  policy  generation 
and  strong  default  configuration. 


Raise  your  AppShield 

Sanctum’s  AppShield  boasts  a  fully 
distributed  architecture  designed  for 
server  farm  deployments.  Components 
include  a  crisp  Java-based  manage¬ 
ment  console,  a  configuration  server 
(mysql  is  used  for  database  support) 
and  one  or  more  firewall  nodes. 

AppShield  uses  a  positive  model  built 
around  what  Sanctum  calls  its  Dynamic 
Policy  Recognition  Engine.  Outgoing 
pages  are  scanned  and  the  appropriate 
whitelist  of  allowable  inputs  is  con¬ 
structed  accordingly. Such  dynamic  pol¬ 
icy  generation  is  a  considerable  help  in 
getting  the  product  up  and  running 
quickly,  and  maintaining  security  poli¬ 
cies  as  the  site/application  changes.The 
general  policy  defaults  put  in  place 
when  one  chooses  the  desired  security 
level  are  easily  loosened  by  browsing  or 
crawling  the  site  using  a  trusted  IP 


address,  if  you  find  that  the  default  level 
is  too  strict  for  a  site  or  application. 

AppShield  has  a  “passive  mode”  that 
logs  but  does  not  block  requests  that 
would  violate  policy.  This  mode  lets 
policies  be  tested,  which  the  adminis¬ 
trator  can  modify  selectively  in  real 
time  by  right-clicking  the  request  that  is 
in  violation.  If  there  are  multiple 
AppShield  nodes  deployed  in  a  server 
farm,  the  passive  mode  role  could  be 
permanently  given  to  a  single  node. 
That  node  could  then  serve  as  a  moni¬ 
tor  or  honeypot  for  the  entire  farm.  In 
general,  AppShield  gets  high  marks  for 
ease  of  configurability 
AppShield’s  dynamic  policy  genera¬ 
tion  worked  well  to  prevent  forceful 
browsing  by  automatically  restricting 
traffic  patterns  to  legitimate  naviga¬ 
tion  paths  and  limiting  form-field  tam¬ 
pering.  AppShield’s  default  policies, 
however,  were  more  restrictive  than 
other  products  tested  when  it  came  to 
preventing  simple  SQL  injection.  The 
default  policies  also  block  standard 
attacks  such  as  buffer  overruns,  directo¬ 
ry  traversals  and  suspicious  URLs.  For 
preventing  repeated  attacks  that  violate 
security  policies, AppShield  can  notify  a 
Check  Point  firewall  using  the  Open 
Platform  for  Security  (OPSEC)  standard 
that  a  particular  IP  should  be  blocked  at 
the  network  level. 

Customizable  error  pages  are  provid¬ 
ed,  but  there  are  some  shortcomings. 
Although  the  error  page  is  passed  with 
an  HTTP  reason  code  to  display,  the 
page  itself  is  retrieved  using  a  redirect, 
meaning  that  the  underlying  HTIT 
response  code  is  always  a  302  (a  redi¬ 
rect)  followed  by  a  200  (Ok)  —  not  the 
code  that  reflects  the  actual  state  of  the 
response.  Like  many  of  the  firewalls, 
AppShield  runs  fast  and  loose  with 
HTTP  response  codes,  which  is  trou¬ 
bling  from  standards  compliance  and 
raises  the  possibility  that  potential 
hackers  might  fingerprint  the  security 
software  in  place  from  non-standard 
responses. 

On  a  side  note, AppShield  takes  advan¬ 
tage  of  being  a  proxy  to  provide  some 
interesting  security-oriented  features 
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that  go  beyond  the  usual  menu  of  appli¬ 
cation  firewall  options:  URL  mapping 
(including  regular  express  matching)  and 
the  ability  to  globally  prohibit  direct 
downloading  of  image  and  multimedia 
files,  often  dubbed  “leeching.”  This  inter¬ 
esting  feature  suggests  the  possibility  of 
application  firewalls  eventually  merging 
with  authorization  and  access-control 
functionality  to  provide  a  complete  appli¬ 
cation  security  framework. 

InterDo  can  do 

KaVaDo’s  InterDo  was  designed  with  a 
large  distributed  deployment  in  mind. 
One  or  more  server  nodes  communicate 
with  the  Java-based  management  con¬ 
sole  via  built-in  Secure  Sockets  Layer 
(SSL)  encryption  —  a  feature  none  of 
the  competing  products  equal.  The 
application  server  nodes  run  as  a  set  of 
services  (in  the  Windows  environment). 

Although  there  is  no  central  configura¬ 
tion  server,  administration  of  all  nodes 
can  be  done  from  a  single  console.  Strict 
password  requirements  and  the  ability 
to  set  up  multiple  users  with  different 
administrative  privileges  show  that 
InterDo  is  serious  about  keeping  its 
house  in  order,  while  supplying  security 
for  the  Web  application. 

InterDo  uses  a  positive-model  approach 
with  some  novel  architectural  concepts. 
Trusted  and  untrusted  zones  are  joined 
by  what  KaVaDo  calls  “tunnels,”  an 
abstraction  describing  a  connection 
between  trusted  and  untrusted  IP  address 
and  port  combinations.  Within  the 
metaphor  of  a  tunnel, security  policies  are 


segregated  into  functional  areas  called 
“pipes,"  several  of  which  can  be  com¬ 
bined  within  a  single  tunnel  and  selec¬ 
tively  applied  to  one  or  more  applications 
in  a  configurable  order  of  precedence. 
Examples  of  pipes  include  general  vul¬ 
nerabilities  (URL,  header  and  entity  pat¬ 
tern  matches),  database  issues  (parame¬ 
ter  screening),  cookies  and  HTTP  meth¬ 
ods.  Default  pipes  do  a  good  job  with 

Strict  password  require¬ 
ments  and  mutli-level 
administrative  rights 
show  InterDo  is  serious 
about  keeping  its  house 
in  order. 

common  buffer  overruns,  directory  traver¬ 
sals  and  SQL  injection.  The  default  set¬ 
tings  did  not  stop  form  manipulations  by 
default,  but  it  is  possible  to  set  up  custom 
tunnels  and  rules. 

InterDo  gives  administrators  a  great 
deal  of  flexibility  in  configuring  security 
policies  —  more  so  than  any  other  prod¬ 
uct  we  tested.  On  the  downside,  initial 
configuration  is  nowhere  near  as  easy  as 
AppShield’s  and  is  probably  best  under¬ 
taken  only  after  reading  the  manual  very 
carefully. 

There  is  a  “lean  mode”  that  lets  adminis¬ 
trators  monitor  and  selectively  modify 


certain  pipes  in  real  time,  and  requests 
that  run  afoul  of  the  security  policies  are 
blocked  while  these  refinements  are 
made.  This  is  a  safe  and  helpful  way  to 
manage  the  complexity  of  configuring 
multiple  pipes. 

Another  helpful  management  feature  is 
the  update  service  that  can  securely 
update  pipes  in  real  time  using  SSL  and 
digital  signatures. 

InterDo  has  an  IP-blocking  feature  that 
temporarily  prevents  continued  access 
from  visitor  IP  addresses  that  have  gen¬ 
erated  enough  security  policy  violations 
to  constitute  a  suspect  pattern  of  mali¬ 
cious  behavior.  Suspect  attackers  are 
given  a  security  score  (high,  medium  or 
low)  and  blocked  for  varying  durations. 
The  response  to  further  requests  from  a 
blocked  IP  is  simply  a  dropped  connec¬ 
tion,  but  it  might  be  better  —  especially 
for  Level  1  attacks  —  to  have  the  option 
to  show  the  possibly  malicious  user  a 
configurable  message.  For  those  with  a 
Check  Point  firewall,  InterDo  is  also 
OPSEC-compatible  for  firewall-based 
network  blocking. 

SecurellS:  URLScan  on  steroids 

EEye  Digital  Security’s  SecurellS  has  by 
far  the  best  user  interface  of  all  the 
products  tested.  The  program  uses  an 
interface  similar  to  Microsoft  Outlook’s 
that  makes  configuring  this  negative- 
model  application  firewall  trivial. 
Unfortunately,  SecurellS  lacks  the  depth 
of  many  of  the  other  products  and 
appears  to  do  little  beyond  what  a  capa¬ 
ble  administrator  could  do  with  Micro¬ 


soft’s  free  URLScan  tool. 

While  SecurellS  could  deal  with  mal¬ 
formed  requests  exceeding  size  limits 
and  basic  URL  tampering,  it  couldn’t 
detect  and  block  any  form  tampering  or 
careful  SQL  injection. 

Furthermore,  the  product  sent  back  the 
inappropriate  406  “Not  Acceptable”  HTTP 
response  code  on  request  rejection, 
rather  than  403  “Forbidden”  or  404  “Not 
Found”  message,  as  it  probably  should. 
This  is  the  wrong  response  code  and 
informs  a  potential  intruder  that 
SecurellS  is  being  used. 

SecurellS  does  have  some  nice  features 
to  ease  deployment  in  a  multi-server  envi¬ 
ronment  by  letting  policies  easily  be  repli¬ 
cated  to  other  systems.  The  product  also 
has  some  basic  file-integrity  monitoring 
features  that  could  be  useful  if  an  intrud¬ 
er  penetrated  a  machine,  but  they  seem 
out  of  place  in  an  application  firewall 
offering. 

SecurellS  is  targeted  at  users  looking  to 
have  the  support  and  ease  of  use  missing 
from  URLScan.  Interestingly,  eEye  recently 
announced  a  free  personal-use  version  of 
its  software  that  makes  this  product  an 
obvious  replacement  for  URLScan  and 
obvious  first  step  for  those  IIS  administra¬ 
tors  new  to  application  firewalls. 

EServer  Secure  for  the  entry  level 

Turiilion’s  eServer  Secure  is  designed 
specifically  for  the  IIS  Web  server  environ¬ 
ment.  Based  on  Internet  Server  Ap¬ 
plication  Program  Interface  (ISAPI)  tech¬ 
nology,  eServer  Secure  combines  a  host- 
based  architecture  with  the  flexibility  of  a 


Net  Results 


RATING 

4.6 

WORLD 

CUSS 

WINNER 

RATING  1 

4.5 

RATING 

3.55 

AppShield  4.0 

InterDo  3.0 

SecurellS  2.0 

Company:  Sanctum, 

(408)  855-9500,  www. 
sanctuminc.com 

Price:  Starting  at 
$15,000.  Pros:  Automatic 
rule  generation,  good 
flexibility.  Con: 

Complexity. 

Company:  KaVaDo,  (212) 
302-2400  Price:  Starting 
at  $15,000.  Pro:  Incredible 
flexibility.  Con:  Com¬ 
plexity. 
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Pro:  Simple  one-button 
security  for  basic  attacks. 
Con:  Incomplete  coverage 
of  possible  Port  80  attacks. 
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webApp. secure 
Professional  1.1 


Company:  webScurity, 
(763)  786-2009 
Price:  $10,000  per  server, 
Windows,  Linux  or  Solaris. 
Pro:  Basic  positive  fire¬ 
wall  with  simple  config¬ 
uration.  Con:  Stability  and 
installation  issues,  some 
false  positives. 


3.35 

eServer  Secure  3.0 


Company:Turillion 
Software,  (210)  495-3228, 
www. turillion.com 
Price:  Starting  at  $995 
per  server.  Pro:  More 
coverage  beyond  basic 
attacks  at  inexpensive 
price.  Con:  Default 
coverage  of  attacks 
incomplete. 
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iSecureWeb  Version 
1.615 


Company:  Multinet,  (866) 
682-9286,  www. 
elitesecureweb.com 
Price:  Starting  at  $2,000. 
Pro:  Wealth  of  con¬ 
figuration  options. 

Con:  Ease-of-use  and 
stability  issues. 
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How  we  did  it 


W  e  used  a  pair  of  Dell  PowerEdge  6000  servers  running  Windows  2000  and 
Microsoft  Internet  Information  Server  5.0  as  the  testing  platform.  The  test 
sites  installed  used  ColdFusion  and  Active  Server  Pages  for  dynamic 
database  access  and  did  not  have  input  sanitization  built  in.  Testing  covered 
exploits  such  as  URL  tampering,  form-field  manipulation,  SQL  injection  and 
many  known  IIS  server  specific  exploits.  Two  other  machines  on  a  connected  net¬ 
work  using  automated  security  audit  tools  and  manual  attacks  performed  test¬ 
ing.  A  third  machine  was  used  as  the  administration  console  for  altering  and 
configuration  where  possible.  Server  interaction  was  monitored  not  only  at  the 
browser  level  but  the  underlying  HTTP  discussion  was  monitored  to  ensure  stan¬ 
dard  interaction  between  systems. 


Web-based  management  interface. 

This  is  a  strictly  negative-model  fire¬ 
wall,  with  a  respectable  blacklist  of 
attack  signatures  that  are  blocked  by 
default  —  long  URLs,  disallowed  meth¬ 
ods  and  directory  traversals,  for  example 

—  and  the  ability  to  revise  these  policies 
for  tighter  security.  These  attacks  were 
blocked  as  expected. 

SQL  injection  can  be  combated,  but 
this  is  addressed  through  keyword  filter¬ 
ing,  and  you  likely  will  want  to  strength¬ 
en  the  default  policies  to  make  them 
more  robust. This  product  does  not  obvi¬ 
ously  address  manipulation  of  form-field 
sizes.  An  update  subscription  service  is 
offered  to  keep  the  attack  signatures  cur¬ 
rent.  Error  pages  are  fully  configurable. 

The  HTTP  management  interface  is  a 
convenient  way  to  handle  remote 
administrative  duties  but  is  also  a  liabili¬ 
ty.  Security  for  remote  management  is 
provided  via  basic  IP  filtering.  This  is  a 
nice  feature,  but  the  wise  user  most  like¬ 
ly  will  want  to  employ  SSL  as  well  to  fur¬ 
ther  secure  communication  with  the 
firewall. 

The  Web  interface  suffers  from  the 
statelessness  and  latency  one  would 
expect  from  HTTP  and  some  quirks  exist 

—  probably  a  function  of  the  tricky 
interprocess  communication  between 
the  ISAP1  extension  that  supports  the 
user  interface  and  the  1SAPI  filter  that  is 
responsible  for  actually  carrying  out  the 
security  policies. 

Changes  to  the  administration  inter¬ 
face  do  not  always  seem  to  take  effect 
immediately  or  consistently,  and  some  of 
the  integrated  reporting  and  statistical 
features  display  disconcerting  inaccura¬ 
cies.  For  example,  a  single  request  gen¬ 
erated  approximately  60  “requests 
processed,"  and  a  number  of  common 
attacks  were  miscategorized. 

In  general,  eServer  Secure  struck  us  as 
a  good  example  of  an  entry-level  prod¬ 
uct  In  that  sense,  its  most  direct  com¬ 
petitors  in  this  review  are  iSecureWeb 
and  SeeurellS.  Among  those  products, 
eServer  Secure  does  not  stand  out  for 
having  any  major  flaws  (apart  from  its 
user  interface  quirks')  but  neither  does  it 
distinguish  itself  as  superior. 


WebApp.secure:  Positive  model 
on  the  cheap? 

WebScurity’s  webApp.secure  attempts 
to  bring  the  benefits  of  positive-model 
application  firewalls  within  reach  of 
smaller  organizations. 

Like  most  positive-model  firewalls, 
webApp.secure  bases  its  security  model 
on  a  whitelist  of  permitted  requests 
called  Intended  Use  Guidelines.  In 
webApp.secure’s  case,  this  is  a  list  of 
legal  URLs  for  the  entire  site,  which  is 
built  through  the  use  of  what  webScurity 
calls  “entry  points.”  Entry  points  let 
administrators  adjust  the  relative 
“porousness”  of  a  site/application,  by 
forcing  users  to  come  into  it  through 
certain  pages  but  not  others  and  also  to 
control  URL  jumping  within  the  site. 

During  configuration,  entry  points  that 
the  administrator  has  designated  are 
treated  as  starting  points  for  building  the 
map  of  permitted  URLs  and  navigational 
paths  between  them.  Essentially,  a  trust¬ 
ed  user  (or  script)  must  navigate  from 
each  designated  entry  point  to  all  the 
pages  that  are  to  be  treated  as  legally 
accessible  from  that  entry  point.  From 
this  configuration-time  traversal, 
webApp.secure  learns  where  traffic  is 
allowed  to  enter  the  site,  and  where  it  is 
allowed  to  go,  establishing  positive- 
model  access  control.  In  theory  this 
should  be  quite  useful  in  combating 
exploits  that  depend  on  URL  jumping 
and  other  forceful  browsing  techniques. 
However,  during  testing  it  didn’t  always 
work  correctly. 

WebApp.secure  also  shines  in  protect¬ 
ing  against  form-field  manipulation  and 
in  blocking  the  usual  run  of  common 
attack  signatures.  SQL  injection  and  cross 
site  scripting  are  not  well  defended 
against  by  default,  but  lexical  blocking  is 
available  by  disallowing  specific  charac¬ 
ters  in  form  field  values  —  an  example  of 
where  the  positive  model  implementa¬ 
tion  gives  way  to  standard  negative 
model  techniques,  with  a  resulting  extra 
burden  on  the  administrator. 

Implemented  as  a  proxy  that  is  con¬ 
trolled  via  an  XML  configuration  file, 
webApp.secure  also  provides  a  native  — 
but  somewhat  awkward  — Windows  GUI 
for  administration.  When  inspecting  the 


configuration  or  making  changes,  we 
often  preferred  to  access  the  XML  con¬ 
figuration  file  directly. 

The  product  has  a  number  of  short¬ 
comings  that  suggest  a  lack  of  overall 
polish.  The  error/block  pages  are  hard¬ 
coded,  making  them  impossible  to  edit. 
Without  such  modification,  the  software 
immediately  tells  the  potential  intruder 
what  kind  of  countermeasure  software 
is  installed.  However,  Version  2.0  of 
webApp.secure  was  released  after  test¬ 
ing  and  many  of  these  issues  might  have 
been  addressed. 

MultiNet  iSecureWeb  focuses  on 
Microsoft's  IIS 

MultiNet’s  iSecureWeb  also  is  built 
with  ISAPI  technology  and  intended  for 
deployment  on  IIS  hosts.  A  proxy  site 
(the  “Gateway”)  is  set  up  to  filter  incom¬ 
ing  requests  headed  to  an  origin  site. 
Policy  administration  is  done  via  a 
stand-alone  interface  (the  “Studio”)  that 
can  be  installed  on  a  separate  box. 
Studio  is  a  two-pane,  native  Windows 
affair.  Getting  used  to  navigating  around 
its  multi-tab,  multi-level  tree  view  control 

—  and  learning  how  to  make  sense  of  it 
all  —  takes  a  considerable  investment  of 
time  and  patience. 

As  for  the  security  capabilities  of  the 
default  rules,  common  buffer  overflow, 
the  default  policies  handle  the  illicit 
character  sequence  and  directory  tra¬ 
versal  attacks  well.  However,  neither  SQL 
injection  nor  form-field  manipulations 
are  dealt  with  adequately. 

The  predominant  approach  is  clearly 
negative-model,  which  limits  the  reach 
of  the  default  rule  set  and  makes  post¬ 
installation  configuration  a  must  for  a 
secure  setup.  At  that  point,  considerable 
power  is  available  to  the  administrator 

—  especially  one  willing  to  wade 
through  the  intricacies  of  the  user  inter¬ 
face  and,  in  the  case  of  certain  rules, 
deal  with  the  complexities  of  regular 
expression  syntax.  There  is  probably  no 
Web-based  attack  that  one  cannot  stop 
with  an  iSecureWeb  rule,  if  you’ve  got 
the  patience  and  knowledge  to  create 
and  apply  it  properly. 

Error  pages  are  easily  located  and  edit¬ 
ed,  a  good  anti-fingerprinting  measure. 
However,  it  is  all  for  naught  because  our 
installation  of  iSecureWeb  doubled  the 
HTTP  headers  in  every  response  and 
certain  HTTP  response  codes  lacked  the 
usual  response  message  following  the 
numeric  code.  Not  only  does  such 
behavior  make  a  host  easy  to  finger¬ 
print,  it  raises  serious  doubts  about  the 
soundness  of  MultiNet’s  proxy  imple¬ 
mentation  in  general.  Before  running 
iSecureWeb  in  a  production  environ¬ 
ment,  we  would  want  more  assurance 
that  it  can  be  set  up  in  a  way  that  makes 
it  fully  HTTP-compliant. 

Conclusion 

The  products  we  tested  fall  into  two 
distinct  classes.The  low-end  products  — 
SeeurellS,  webApp.secure,  iSecureWeb, 


and  eServer  Secure  —  are  useful  but 
have  configuration  or  occasional  opera¬ 
tional  problems.  SeeurellS  —  while 
potentially  the  least  capable  —  is  proba¬ 
bly  the  best  bet  for  someone  looking  for 
some  simple  protection  for  the  most 
basic  attacks.  However,  for  those  admin¬ 
istrators  who  want  to  get  serious  about 
application-level  protection,  it  is  really 
only  a  choice  between  InterDo  and 
App.Shield,  with  AppShield  having  a 
slight  advantage  in  our  assessment. 
However,  both  have  significant  learning 
curves  and  might  require  consulting  ser¬ 
vices  for  correct  usage. 

In  the  final  analysis  there  is  a  lingering 
question  of  whether  some  of  the 
“exploits”  these  products  protect  against 
shouldn’t  be  dealt  with  during  the  Web 
application  development  process. 

Obviously  filtering  out  bad  requests  is 
a  wise  addition  to  a  Web  server,  but 
shouldn’t  a  Web  application  keep  track 
of  field  sizes  and  allowed  data  directly? 
It  would  be  less  expensive  and  more 
effective  to  design  security  into  a  Web 
application  in  the  first  place. 

Given  Sanctum’s  recently  released 
developer-focused  product  AppScan  DE, 
it  would  seem  that  even  Web  application 
firewall  vendors  understand  the  need  to 
have  security  designed  into  the  applica¬ 
tion  from  the  start.  However,  the  cost  of 
reworking  an  existing  Web  application 
might  be  significant  enough  to  make 
even  expensive  Web  application  fire¬ 
walls  cost-effective  additions  to  the  Web 
administrator’s  security  arsenal. 

Powell  is  the  CEO  of  PINE  a  Web  devel¬ 
opment  and  consulting  firm  in  San  Diego. 
He  is  also  the  author  of  numerous  Web 
development  books.  He  can  be  reached  at 
tpowell@pint.  com. 
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Taking  a  Peek  into  your  WLAI 

BY  TOM  HENDERSON,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


AIROPEEK  NX  AND 
RFGRABBER 


Wireless  LAN  analyzers  are  rapidly  evolving  from  our  last  look  (see  www.nwfu 
sion.com,  DocFinder:  7228). They  are  more  compatible  with  network  interface 
cards,  and  they  are  adding  value  through  remote  probe  devices. 

We  tested  the  latest  version  of  WildPackets  notebook-based  analyzer,  AiroPeek 
NX,  and  its  passive  access  point/probe,  called  RFGrabber.We  found  a  few  short¬ 
comings,  but  overall  the  combination  is  a  strong  one. 


Compatibility  is  key 

AiroPeek  NX  gets  praise  for  having  a 
long  list  of  compatible  network  cards  — 
the  longest  list  we’ve  seen  so  far.  Standard 
802.1  lb  cards  are  supported,  but  so  are 
802.1  la, 802. 1  lg  and  combination  cards. 
Because  most  organizations  purchase 
combination  cards  (labeled  either  802.a/ 
b/g  or  802.a/g  cards)  in  their  quest  to  find 
rogue  access  points  or  peer  networks 
that  use  802.1  la  or  802.1  lg  components, 
combination  card  support  is  important. 

AiroFeekNX  works  best  on  a  Windows 
2000  or  XP  notebook  —  older  versions  of 
Windows  are  not  compatible  with  WLAN 
NICs.and  no  other  operating  systems  are 
supported  for  installation. 

Part  of  the  philosophy  behind  AiroPeek 
NX  is  that  it  should  be  run  on  a  notebook 
that  has  a  wireline  connection  because 
AiroPeek  will  dominate  the  WLAN  card 
while  it’s  in  use.  This  means  that  at  least 


Net  Results 


AiroPeek  NX 
Version  2.0 


OVERALL  RATING 

4.4 


Company:  WildPackets,  (800)  466-2447 
Cost:  $3,500  with  12  months  maintenance. 
Pros:  Strong  analysis  and  monitoring 
features;  strong  NIC  compatibility.  Cons: 
Requires  dedicated  notebook  with  wireline 
connection  for  most  flexible  use. 


Ease  of  use  20% 

5 

Diagnosis  depth  20% 

5 

Radio  features  20% 

4 

WLAN  features  20% 

4 

Performance  20% 

4 

TOTAL  SCORE 

4.4 

■  Scoring  Key:  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently  subpar 

RFGrabber 1.0 


Company:  WildPackets,  (800)  466-2447 
Cost:  $400  for  RFGrabber  only;  $3,700  for 
AiroPeek  NX/RFGrabber  bundle.  Pros:  A 
strong  passive-probe  device  for  remote 
monitoring.  Cons:  Deployment  sometimes 
difficult;  currently  limited  to  802.11b. 
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AiroPeek  NX  has  the  ability  to  monitor  wireless  LAN  connections. 


one  more  NIC  of  some  type  is  needed  to 
get  some  of  the  wildpackets.com  HTML 
Web-based  help  screens.  With  only  one 
adapter  (being  used  by  the  AiroPeek 
application), you  won’t  get  peer  network 
connections  or  any  HTML-based  help. 

Peeking  at  packets 

We’ve  seen  two  types  of  WLAN  ana¬ 
lyzers:  those  based  on  existing  analyz¬ 
ers  that  have  been  extended  for  WLAN 
use;  and  those  built  or  modified  for 
the  unique  needs/applications  that  a 
WLAN  network  manager  needs  to  be 
prepared  for. 

AiroPeek  NX  is  a  hybrid  of  these  ana¬ 
lyzers.  WildPackets  has  a  strong  back¬ 
ground  in  protocol  analysis  (with  its 
EtherPeek  product),  and  it  also  added 
wireless  analysis  that’s  better  than  some 
products  that  we  tested  recently 

The  software  can  be  used  alone  on  a 
notebook  or  Tablet  PC  platform  — 
RFGrabber  can  be  combined  as  an 
option.  You  might  want  to  wait  until 
RFGrabber  matures,  but  the  fundamen¬ 
tals  are  sound.  RFGrabber  is  an  access 
point/remote  probe  that  AiroPeek  NX 
sees  as  if  it  were  a  network  card  resident 
in  the  AiroPeek  notebook.  An  RFGrabber 
driver  appears  as  a  probe  device  to  an 
AiroPeek  NX  analyzer  application,  as  if  it 
were  a  locally  attached  WLAN  NIC  that 
would  serve  as  a  probe/device  for  moni¬ 
toring  traffic. 

Although  AiroPeek  NX  bears  some 
resemblance  to  EtherPeek,  the  additions 
made  for  wireless  analysis  go  further 
than  some  other  protocol  analyzer  prod¬ 
ucts  we’ve  tested.  These  additional  fea¬ 
tures  include  extensive  filtration  for 
802.11  packets  and  a  link  to  an  Expert 
analysis  view  of  captured  traffic  that  is 
useful  and  easy  to  understand. 

The  Expert  mode  analyzes  conversa¬ 
tions  and  checks  for  many  characteris¬ 
tics  of  WLAN  dysfunction.  Like  other 
WLAN  analyzers  tested, everything  it  sees 
is  treated  as  a  rogue  until  it  is  added  to  a 
list  of  trusted  devices.  Once  a  device  is 
trusted,  however,  AiroPeek  still  compares 
various  qualities  of  the  devices,  unless 
the  devices  are  purposely  filtered  out  of 
monitoring  or  packet  capturing. 

For  example,  while  a  device  might  be  in 


the  trusted  category  if  it  suddenly  stops 
using  Wired  Equivalent  Privacy  (where 
WEP  is  a  requirement),  the  Expert  analy¬ 
sis  will  trip  an  alarm.  The  same  goes  for 
other  conditions,  such  as  a  wireless  ad 
hoc  connection  attempt  (making  a  peer- 
to-peer  connection  instead  of  going  to  an 
access  point).  A  wireless  client  attempt¬ 
ing  to  spoof  the  IP  address  of  a  trusted 
access  point  also  would  trigger  an  alarm. 

When  conditions  are  set  via  filters  and 
triggers  to  trip  alarms,  the  alarms  can  be 
set  so  a  trail  can  be  made  of  both  the 
alarm,  and  what  resolved  the  alarm. 
Because  one  type  of  alarm  (such  as  one 
indicating  the  sudden  appearance  of  an 
untrusted  IP  address)  might  not  be  as 
important  to  one  organization  as  it  is  to 
another,  WildPackets  provided  two  de¬ 
fault/example  files  of  alarm  types  that 
can  be  defined  for  severity  levels. 

Packet  decoding  and  conversational 
pairing  are  two  strengths  of  AiroPeek  NX. 
It  was  easy  to  filter  and  relate  user  trans¬ 
actions  so  they  could  be  analyzed  from 
user  to  resource  and  back  again.  WEP 
packet  payload  (data)  must  be  decrypt¬ 
ed  outside  the  program.  WildPackets  pro¬ 
vides  an  application  that  can  decrypt  the 
conversations,  and  is  easily  scripted  to 
execute  with  various  WEP  keys.  Packet- 


decode  information  also  is  available 
about  WLAN  traffic,  such  as  the  usual 
source/destination  and  packet-type  infor¬ 
mation  that  non-encrypted  packets  have. 
Filters  and  triggers  are  available  for  many 
common  program  problems, such  as  SQL 
Server  logon  failures, and  the  presence  of 
Yahoo  Messenger  traffic. 

AiroPeek  passed  all  our  tests,  with  the 
exception  of  one  condition  when  it 
couldn’t  determine  that  we  had  two  iden¬ 
tical  802.1  lg  access  points  that  were  set 
up  with  identical  IP  and  media  access 
control  layer  addresses  —  admittedly  a 
difficult  problem  to  find.  It  also  cannot 
probe  an  access  point;  it  only  can  look  at 
conversations  involving  an  access  point. 
This  means  services  such  as  Dynamic 
Host  Configuration  Protocol  that  are  pro¬ 
vided  by  an  access  point  (vs.  a  down 
stream  DHCP  server)  can’t  be  tested  or 
validated  within  the  context  of  being  a 
client  to  the  access  point,  only  as  a  mon¬ 
itor  of  the  access  point. 

For  that  reason,  a  set  of  tools  •  ML  I  i 
Net  Tools  is  provided  from  the  AiroFeei: 
NX  distribution  CD  and  is  automatically 
installed.it  desired. The  tools  run  outsid; 
AiroPeek  to  perform  rudimentary  func¬ 
tions  often  unavailable  on  Windows, si ic '  ■ 
as  pings,  traceroutes,  DNS  lookups  and 
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port/ping  scans.  Unfortunately  none  can  be 
run  concurrently  on  a  single-network  card 
platform,  but  can  run  when  AiroPeek  has 
two  WLAN  NICs  or  a  WLAN  NIC  and  an 
Ethernet  interface. 

Grabbing  RF 

RFGrabber  looks  like  an  access  point,  and 


it’s  deployed  like  one,  too  (it  connects  to  a 
wired  Ethernet  port  through  a  device-dis¬ 
covery  method).  However,  it  is  a  passive 
point,  and  cannot  be  found  by  wireless 
scanner.  RFGrabber  passively  “listens  to  the 
air”  to  find  information  within  its  airspace, 
and  neither  sends  a  radio  beacon/ 
signal  nor  actively  responds  to  one. 


Unfortunately  there’s  no  Web  interface  to 
reprogram  the  RFGrabber’s  IP  address  or 
other  features  —  changes  must  be  made 
by  the  AiroPeek  NX  program.  We  occa¬ 
sionally  lost  track  of  the  RFGrabber  we 
were  using  after  we  made  changes. 
Fortunately  after  scanning  the  pertinent 
segment,  RFGrabber  could  be  found  again 
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The  New  Data  Center 


It's  about  consolidation.  Virtualization.  Automation.  The  power 
of  technologies  like  blade  servers.  And  the  need  to  prove  and 
improve  your  ROI.  It's  the  new  data  center  and  it's  all  about 
making  your  enterprise  fully  metered,  fully  accountable,  and  fully 
effective.  Managing  data  and  serving  information  in  ways  that  make 
your  company  more  competitive.  And  you  more  central  to  its  success. 

That's  why  you  are  invited  to  The  New  Data  Center:  Powering  the 
Enterprise.  A  special  Network  World  Technology  Tour  event  for 
professionals  who  want  a  practical  mission  to  go  with  their  strategic 
vision.  It's  FREE  to  qualified  professionals.. .but  you  must  register  in 
advance  for  one  of  the  limited  number  of  seats  available. 

This  event  is  limited  to  Network  and  IT  professionals  involved  in  the  evaluation, 
purchase  and  implementation  of  data  center  products  and  services. 

REGISTER  NOW!  ONLINE  AT 

Online  at  www.nwfusion.com/events/datacenter2 
or  call  1-800-643-4668 
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Timely  topics  &  takeaways 


□  new  practices  in  managing  and 
modifying  the  data  center 

□  new  paths  to  consolidating  server  and 
storage  resources 

□  new  ways  to  maximize  resources 
through  virtualization  and  automation 

□  new  techniques  for  managing  mixed 
operating  system  environments 

□  new  strategies  for  implementing  SLM 
and  monitoring  SLAs 

n  new  applications  that  take  advantage 
of  data  center  infrastructure 
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and  re-used  for  monitoring. 

Once  installed,  the  RFGrabber  adapter 
can  be  selected  as  the  probe  (all  network 
cards  act  as  probes  to  AiroFbek)  for  moni¬ 
toring  use  by  AiroPeek.  Multiple  probes  can 
be  monitored  up  to  the  available  band¬ 
width  of  the  connections.  In  our  tests,  peak 
sustained  output  from  the  probe  under 
streaming-media  conditions  never  sur¬ 
passed  400K  byte/sec. 

There  are  several  scenarios  suited  for  the 
AiroPeek  NX/RFGrabber  combination, such 
as  branch  office  deployment  for  remote 
monitoring/audit,  campus  monitoring,  and 
applications  where  remote  WLAN  data  col¬ 
lection  is  necessary.  We  tested  the  combina¬ 
tion  in  the  lab  and  in  a  simulated  site-to-site 
IP  Security  VPN.  In  both  environments, 
RFGrabber  could  monitor  traffic  at  the 
same  data  rates, and  with  the  same  features, 
as  the  802.11b  WLAN  NICs  that  we  tested 
with.  It  also  could  do  this  when  the  con¬ 
nected  circuit  speed  was  as  fast  or  faster 
than  IEEE  802.3  lOBase-T  (10M  bit/sec). We 
did  not  test  RFGrabber  atT-1  speeds  to  see  if 
packets  dropped. 

There  are  a  few  limitations  to  RFGrabber 
that  weaken  its  usefulness,  but  it  doesn’t 
diminish  our  view  of  AiroPeek  NX.  First, 
RFGrabber  works  only  on  802.11b  net¬ 
works,  which  limits  its  usefulness  until  an 
802.11  a/b/g  or  similar  version  emerges. 
The  reason  is  that  RFGrabber  simply  can’t 
detect  rogue  802.11a  or  802. 1  lg  traffic. 
However,  it  can  discern  some  802.1  lb  con¬ 
versations  that  occur  on  an  802.1  lg  access 
point.  In  pure  802.1  lg  or  802.11a  environ¬ 
ments,  RFGrabber  cannot  be  used  for  rogue 
detection  or  other  monitoring. 

Bottom  line 

Many  of  the  strong  analysis  features  of 
AiroPeek  NX  weren’t  overshadowed  by  its 
minor  operational  constraints.  And  while 
we  like  the  concept  of  RFGrabber,  its  limi¬ 
tation  to  802.11b  makes  it  an  expensive 
remote  monitor,  although  an  invisible  one 
if  and  where  invisibility  to  WLAN  devices 
counts.  AiroPeek  NX  has  strong  WLAN 
monitoring  skills,  and  hovers  above  other 
analyzers  that  have  a  strong  protocol  ana¬ 
lyzer  background  with  a  grafted  WLAN 
tool  kit. 


Henderson  is  managing  director  of 
ExtremeLabs  in  Indianapolis  and  is  a 
member  of  the  Network  World  Global  Test 
Alliance.  He  can  be  contacted  at  (header 
son  @extremelabs.  com 
Henderson  is  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative  of 
the  premier  reviewers  in  the  network 
industry,  each  bringing  years  of  practical 
experience  to  every  review.  For  more  Test 
Alliance  information,  go  to  www.nw 
fusion,  com  /alliance. 
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See  how  we  conducted 
our  tests. 
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Interviewing  acumen 

Establishing  job  competencies  and  using  behavioral  event  interviewing  can  lead  you  to  the  perfect  hire. 


■  BY  BETH  SCHULTZ 

Before  Mike  Johnson  took  a  job  as  network  administrator  with  the 
Urban  Development  Department  for  the  city  of  Tulsa,  Okla.,  he 
found  himself  in  a  job-hunting  quandary  He  was  getting  screened 
out  of  interview  opportunities  by  hiring  interns  and  headhunters 
who  knew  nothing  beyond  what  acronyms  to  look  for  in  a  resume. 


“If  my  resume  did  not  have  the  exact 
buzzwords  and  certifications  on  it  and  did 
not  fit  the  job  description  precisely,  they 
would  not  have  even  told  anyone  about 
it,”  Johnson  says. 

Fortunately  for  Johnson,  Tulsa  Urban 
Development  signed  him  on  for  an  inter¬ 
view  even  though  he  lacked  the  primary 
skill  —  Windows  NT  expertise  —  re¬ 
quired  for  the  job.  In  detailing  project 
experiences,  Johnson  convinced  the  hir¬ 
ing  manager  that  he  was  the  right  guy  for 
the  job. 

“I  may  not  have  had  any  Windows  NT 
experience,  but  I’ve  been  in  networking 
for  20  years  and  have  been  a  [Certified 
Novell  Engineer]  since  1990. 1  was  sure  I 
could  figure  out  Windows  NT,”  he  says.“So 
1  told  them  about  projects  I  had  worked 
on  and  gave  them  specific  examples.” 

Johnsons  experience  of  being  shut  out 
from  job  opportunities  for  lack  of  specific 
skills  is  all  too  common  in  the  IT  profes¬ 
sion,  hiring  experts  say.  Most  technically 
oriented  people  over-rely  on  a  job  candi¬ 
date’s  skills,  education  and  training,  says 
Lou  Adler,  president  of  The  Adler  Group,  a 
training  and  consulting  firm  that  special¬ 
izes  in  recruitment  strategies. 

Adler  tells  the  hiring  managers  he’s 
working  with  to  focus  on  what  the  person 
needs  to  do  with  the  skills,  not  on  skills 
themselves.“What’s  the  project?  What  does 
the  person  need  to  be  successful  on  the 
project?”  he  says. 

Adler  based  this  approach  on  a  tech¬ 
nique  called  the  behavioral  event  inter¬ 
view  (BEI).  In  a  BEl,a  hiring  manager  drills 
down  on  candidates’  true  competencies 
primarily  by  assessing  how  they  would 
address  hypothetical  work  challenges  and, 
most  importantly,  by  delving  into  the  expe¬ 
riences  job  candidates  identify  as  the  most 
career-significant  (see  sidebar). 

A  BEI  centers  on  knowing  what  core 
competencies  —  not  skills  —  are  essential 


to  a  job,  explains  Linda  Pittenger,  CEO  of 
PeopIe3,  a  Gartner  company  specializing 
in  IT  human  capital  management.  She 
defines  a  competency  as  a  single  or  set  of 
characteristics  that  differentiate  and  pre¬ 
dict  superior  performance  in  any  given 
job  or  role. 

“If  you  have  10  programmers  and  Mary 
and  Johnny  are  the  best  by  far,  we  don’t 
care  about  what  the  10  do  all  day. What  we 
really  care  about  is  what  Mary  and 
Johnny  do  that’s  different  than  the  other 
eight,”  Pittenger  says.  “If  they  talk  to  cus¬ 
tomers  more  and  understand  competi¬ 
tors  better,  then  that’s  what  you’re  looking 
to  hire  for.” 

So  if  you  learn  during  an  interview  that 
one  of  the  toughest  challenges  a  job  can¬ 
didate  ever  faced  was  dealing  with  a 
delayed  application  rollout,  you  would 
probe  for  information  on  how  the  person 
handled  that  situation.  “If  the  last  thing 
they  did  was  talk  to  the  customers,  then 
they  don’t  make  it.  That’s  the  end  of  the 
interview;”  Pittenger  says. 

“Instead,  most  interviewers  will  ask  job 
candidates  how  many  years  of  network¬ 
ing  they  have,”  he  says.  “I’d  rather  have  a 
customer-service  person,  if  that’s  one  of 
the  competencies,  and  send  that  person 
to  certification  school.  You  can’t  teach 
people  those  competencies,  you  can 
teach  them  the  skills.” 

Measuring  results 

Pittenger  cites  these  hiring  industry  sta¬ 
tistics  as  evidence  of  the  effectiveness  of 
a  BEI  model:  In  a  typical,  unstructured, 
one-on-one  interview,  a  hiring  manager 
has  a  19%  chance  of  making  a  good 
match  for  the  job. That  likelihood  rises  to 
35%  during  unstructured  team  inter¬ 
views.  Using  BEI,  the  chances  of  getting 
the  hire  right  jumps  to  72%. 

Preparing  for  a  behavioral  event-based 
interview  isn’t  necessarily  difficult,  but  it 


certainly  takes  more  upfront  work  than 
does  the  typical  one-on-one  method.  For 
one,  you’ll  need  to  determine  job  compe¬ 
tencies  by  working  with  external  or  inter¬ 
nal  human  resources  specialists,  buying 
off-the-shelf  models  or  researching  desir¬ 
able  competencies  on  your  own  —  that  is, 
discovering  what  competencies  make 
Johnny  and  Mary  superior  performers, 
Pittenger  says. 

Aquent,  a  professional  services  firmjn 
Boston,  has  used  such  a  perfc 
based  hiring  methodology  anckbehavioral 
event-based  interviewing  forjinternal  posi¬ 
tions.  The  results  have  beeiY:  marked,  says 
Lauren  Schellenbach,  corporate  trainer 
for  the  firm. 

Hiring  managers  now  create  customized 
performance  profiles  that  detail  specific 
and  measurable  objectives  fbr  the  posi¬ 
tion,  and  then  determine  interview  ques¬ 
tions  aimed  at  uncovering  a  candidate’s 
ability  to  meet  those  job  objectives.  ’Die 
goal  is  to  uncover  a  candidate’s  big-pic¬ 
ture  accomfP*^''  ' 
plishments 
and  ability  to 
fit  within  the 
organization. 

Aquent  has 
reduced  the 
number  of  ap¬ 
plicants  to  a 
more  manage¬ 
able,  qualified 
pool  and  has 
cut  the  hiring 
time  frame  for 
the  position  by 
about  75%, 
from  about  four 
months  to  three 
weeks,  Schel¬ 
lenbach  says. 

What’s  more, 
new  hires  have 
exceeded  ex¬ 
pectations  by 
15%  within  their 
first  three 

months  on  the 
job. 

This  points  to 
another  big  ben¬ 
efit  of  using  per¬ 
formance-  or 


competency-based  methodologies  and 
behavioral-event  interviewing  —  getting 
candidates  invested  in  the  job  opportuni¬ 
ty.  “Candidates  appreciate  getting  to  the 
heart  of  the  matter,  and  the  interview  can 
help  get  them  excited  about  the  job.  You 
can  say’We’re  really  pushing  the  envelope 
on  .Net  and  want  the  person  in  this  posi¬ 
tion  to  take  it  to  the  next  level.  Tell  me 
about  the  biggest  project  you’ve  done’” 
Adler  says. 

although  the  BEI  concept  has  been 
around  since  the  1970s,  it’s  just  starting  to 
catch  o£j  for  IT  hiring,  Pittenger  says.  When 
she  ij^ched  People3  in  1998,  only  15%  of 
Hes  used  career-based  competen¬ 
cies  for  ]T  Over  the  years,  she  has  seen  that 

_ ge  increase  to  just  less  than  40%. 

“We’rdf  making  headway’  Pittenger  says. 
But  fni,  she  wishes  for  more.  She  sadly 
notSj'The  most  important  thing  leaders  or 
managers  can  do  is  hire  the  right  people, 
yet  that '^typically  what  they  spend  the  least 
amount  of  tkge  doing.”* 


Components  of  a  behavioral  event  interview 

While  some  espouse  a  more  streamlined  approach,  Linda 
Pittenger,  CEO  of  People3,  favors  this  BEI  framework: 


Knowledge  and  credentials:  Find 
out  what  degrees  and  certifications 
job  candidates  hold,  and  what  they 
can  do. 

•  How  do  you  prepare  an  RFP? 

•  Do  you  have  Microsoft 
certification? 

General  experience:  Discover 
responsibilities  and  temperament 

•  What  does  your  typical  day 
entail? 

•  What  do  you  do  when  a 
customer  gets  angry? 

Opinion:  Peel  the  onion  back  on 
their  motives.  Ask  questions  re¬ 
lated  to  your  company's  culture . 

•  What  are  your  strengths  and 
weaknesses? 

•  Why  did  you  apply  for  this 
job? 

Hypothetical:  Unveil  how  job 
candidates  address  a  situation. 
Answers  will  tell  whether  a  person 
will  work  independently,  seek 


assistance  or  be  customer-focused. 

•  What  would  you  do  if  your 
servers  went  down? 

•  How  would  you  escalate  the 
issue? 

Behavioral-event  critical  incidents: 

Provide  the  opportunity  for  job 
candidates  to  show  challenges, 
actions  and  results.  Ask  five  or  six 
open-ended  questions  about  the 
most  important  situations 
candidates  have  experienced  in 
their  current  roles,  and  two  or 
three  questions  on  their  failures 
and  successes. 

•  What  was  the  situation  and 
the  event  leading  up  to  it? 

•  What  was  your  role? 

•  How  did  you  feel? 

•  What  did  you  want  to  do 
about  the  situation,  and  what 
did  you  do? 

•  What  was  the  final  outcome? 

•  What  did  you  learn? 


Smarter,  Simpler  KVM  Switching 


AMIQ  computer  interface  module  retains  the  unique  ID  and  server  name, 
so  reconfiguration  and  expansion  is  as  simple  as  switching  the  cable 

Exclusive  AutoTuning™  optimizes  video  performance  over  UTP  cable,  at 
any  distance 

Build  customized  user  profiles  and  centralize  control  of  connected  servers 
with  AMWorks  -  Java-based  system  software  included  with  each  switch 

All  system  components  can  be  flash  upgraded  simultaneously  with  just  a 
few  clicks  of  the  mouse 


' 

Consolidate  control  of  your  server 
1  room  with  powerful  AMX  switching 


Advantage:  Avocent 


KVM 

Matrix 

Switching 


EASIER  TO  USE 

•  Auto-configuration  simplifies  set-up.  The  system  automatically 
addresses  the  ports,  appliances  and  computers  for  you 

•  Intelligent  AMIQ  interface  modules  remember  your  configuration, 
so  it's  easy  to  install,  maintain  or  move  your  servers 

•  Graphical  AMWorks  administration  software  and  mouse-driven 
on  screen  menus  are  simple  to  navigate  and  control 


MORE  ADVANCED  FEATURES 

•Scalable  architecture  grows  with  your  server  room 
•Supports  multi-rack  PS/2,  Sun  and  USB  server  environments 

•  Full  non-blocked  access  to  servers  and  serial  devices 

•  End-to-end  CAT  5  connections 

•  Save  rack  space  -  1 U  switch  supports  up  to  8  users  and  32 
servers;  2U  switch  supports  up  to  16  users  and  64  servers 

•Multi-level  security  and  password  protection  for  each  user 

•  Multiple  users  can  share  access  to  the  same  server 

•  Share,  private,  scan  mode  available  to  all  users 


Call  for  an  Avocent  Authorized  Reseller  near  you 

1  866-286-2368 


Make  the  smart  switch.  Download  our  Definitive  KVM 
Buyer's  Guide  at  www.avocent.com/advantage 

or  call  1-866-286-2368. 


,  AVWorki  KVM  OVER  IP  and  iKe  Pcwwr  of  Bwng  Thetf  at,  „  o,  A«ocent 


Avocent 

The  Power  of  Being  There, 


Console  Management 


Power  Management 
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Command  Your  Network 
With  Cyclades 


m 


. 


Selecting  the  right  components  for  your 
network  is  often  a  challenging  decision. 

With  our  AlterPath  PM8,  you  can  remotely 
re-boot  your  system  with  just  a  few  mouse  clicks. 

By  integrating  the  AlterPath  PM8  with  our 
award-winning  AlterPath  ACS,  you  combine 
power  and  console  management.  Now  you  can 
command  all  your  infostructure  with  secure  authentication 
and  bulletproof  encryption  as  demanded  by  todays' 
mission-critical  applications  all  in  one  single  session  -  anytime,  anywhere. 


AlterPath"  ACS 


AlterPath  PM8 


Console  and  power  control  from  one  session, 
no  need  to  memorize  ports  and  addresses 


SSH  v2,  strong  authentication,  encryption  and 
IP  filtering  on  both  power  and  console  access 


Daisy  chain  power  distribution  units  to  control 
any  number  of  devices  from  a  single  serial  port 


/ 


"Best  Hardware  for 
Linux  since  1995" 


www.cyclades.com/nw 

1 .888. cyclades 
sales@cyclades.com 


cyclades 


Ever 


©2003  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  their  respective  owners.  Product  information  subject  to  change  without  notice. 
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use  13U  when  you  can  just  use  1? 


Introducing  APC's  Rack-mount  LCD  Monitor 


As  floor  space  in  your  IT  environment  becomes  more  expensive  and  difficult  to 
allocate,  you  need  to  utilize  your  rack  enclosure  space  as  efficiently  as  possible. 

A  traditional  CRT  monitor,  monitor  shelf,  keyboard,  and  keyboard  drawer  take  up  to 
13U  of  your  valuable  rack  space.  An  APC  rack-mount  LCD  monitor/keyboard  drawer 
offers  you  the  same  functionality  while  using  only  1 U  (1 .75")  -  leaving  you  with  up  to 
12U  of  valuable  space. 

FEAI.UBES.1NCLUD.L 


A  fuil  size  keyboard  with  104  full 
travel  keys  and  integrated  number 
pad 


On-screen  display  (OSD) 
adjustments 


An  integrated  trackball  to  eliminate  the  need 
for  an  external  mouse 


1024x768  resolution  for 
exceptional  image  quality  for  most 
server  applications 


Active  matrix  TFT  displays  that  emit  less 
heat  and  use  less  than  half  the  power  of 
comparable  CRT  monitors 


Ability  to  connect  to  a  server  or  KVM 
switch  via  a  standard  VGA  connector 

QjHBpF  Enter  to  WIN  a  FREE  APC  LCD  Monitor  today.  A  $2239  value! 

Visit  httpy/proimupcjom  Key  Code  m700y  •  Call  888-289-APCC  x6604  •  Fax  401-788-2797 

©2003  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 


Every  product  carrying  this  mark 
has  been  tested  and  certified  for 
use  with  InfraStruXure* 
architecture.  Before  you  buy. 
check  for  the  X  to  guarantee 
product  compatibility. 


With  over  15  million 
satisfied  customers,  APC's 
Legendary  Reliability” 
guarantees  peace  of  mind. 


Legendary  Reliability* 


AX2A3EP-US 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Observer 


Expert 

Observer 

*2895 


Observer 
Suite 
* 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (lO/IOO/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932  9899  •  Fai  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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l<eomplete  remote  kvm  control  via  tcp/ip 

■  . 


BEST  OF  INTEROP 
NETWORLD  INTEROP 


O  CRN 


CftHfpirting 


2003  Winner 

of  the  Best  Of  Show  Award 


Extend  Your  IT  Reach  Beyond  The  Server  Room 


Kaveman  16  -  Allows  up  to  6  simultaneous 

users  connecting  16  servers 


o 


How  does  Kaveman  work 


^  _ _  w 

4-i  k|&|s{s|s|s| 


Remote  Client 


_  M  aiye  m  a  n 

Available  in  1,  8  and  16  channel  versions 


Servers 


Monitoring  Configuration 


Remote  Keyboard,  Video  and  Mouse  Access  via  Web  Browser 

You  can  access  to  the  BIOS  level  of  your  servers  or  serial  devices  anytime, 
anywhere  with  full  KVM  control  via  a  Web  Browser  or  VNC. 

24/7  Automatic  Server  Monitoring 

Kaveman  monitors  server  functions  and  notifies  you  before  any  server 
problems  become  critical. 

Highly  Secure  Deployment 

Kaveman  utilizes  128-bit  SSL  encryption  for  all  keyboard  and  mouse  data 
and  supports  SSH  and  VPN  environments.  In  addition,  Kaveman  offers 
specialized  security  features  including  the  Turtle  mode  and  Stealth  mode. 

Non-IntrusiveTo  Your  Network  Environment 

As  a  stand  alone  device  that  requires  no  additional  software  or  hardware 
to  install,  Kaveman  minimizes  the  potential  impact  on  your  servers. 

Remote  Power  Cycling 

You  can  power  cycle,  turn  on/off  any  connected  device  over  IP  simply 
using  a  common  Browser. 


The  Engine  of  Innovation 


www.digitalv6.com  1-866-922-2333 


Mention  Promotion  Code  ‘NETWORK  WORLD’  when 
purchasing  the  Kaveman. 


Web  Based  Boot  Bar 


Yes,  you  can  Switch 
Power  over  the  Internet 


Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /  Off  /  Reboot  Switching 

■  Versatile  Zero  U  Mounting 


■JWM  Network  Uoot  U or 
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NETWORK  BOOT  BAR 

LOCATION:  NBB  Live  Demo  Unit 

SWITCH  PANEL 

Firmware  Version:  1.01 

Plug  Name 

Status 

On 

orr 

Boot 

1  Serverl 

1  as  1 
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2  Server_2 
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3  Hub 
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4  Router 
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5  Modem 
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Ail 
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Plugs 

Setup  |  Log  Out  | 

*PP»  | 

Oaitcal  | 
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www.wti.com 


(800)  854-722 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  92618-25  17 


"Keeping  the  Net.. .Working! 
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Now  you  can  gain  control  with 
advanced,  remote  power  distribution 

The  space-saving  APC  MasterSwitch  is  a  perfect  0  "U"  fit  for  networks,  colocation  facilities,  and 
ISPs  -  anywhere  remote  control  of  outlets  is  required. 


Control  power  to  your  valuable  connected  network  devices  using  MasterSwitch's  remote  on/off/reboot  capability.  Ideal 
for  any  situation  where  rebooting  or  power  cycling  is  required  of  equipment  or  "locked-up"  servers.  The  MasterSwitch 
mounts  vertically,  requiring  zero  U  space,  leaving  you  with  more  room  for  your  network  equipment.  Trust  your  remote 
management  needs  to  the  leader  in  power  protection:  APC.  To  learn  more  today  visit  us  online  at  www.apc.com 

OPTIMIZED  FOR  MANAGEMENT  AND  CONTROL 


CERTIFIED 


InfraStruXure 

*APC 


•  Wireless  Application  Protocol 

•  Boot-P  support 

•  Accessible  terminal  block  for  hardwire 
capability 

•  Event  configuration 

•  E-mail  notification 

•  Vertical  mounting,  requiring  zero  'U' 
of  space 

•  Remotely  manage  outlets  by  turning 


outlets  on/off  or  rebooting  connected 
equipment 

•  Built-in  Ethernet  interface*  for  direct 
connection  to  the  LAN 

•  MD5  authentication  security 

•  Power-up  sequencing  lets  you  configure 
the  sequence  in  which  power  to  outlets  is 
turned  on  or  turned  off. 


Every  product 
carrying  this  mark 
has  been  tested  and 
certified  for  use  with 
InfraStruXure' 
architecture.  Before 
you  buy.  check  for  the 
Xto  guarantee 
product  compatibility. 
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* Requires  separate  control 


Enter  to  WIN  a  FREE  APC  MasterSwitch"  today. 

Visit  httpy/promo.apc.com  Key  Code  m701y  •  Call  888-289-APCC  x6605  •  Fax  401-788-2797 
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With  over  15  million 
satisfied  customers,  APCs 
Legendary  Reliability' 
guarantees  peace  of  mind. 


Legendary  Reliability®  Ms2A3epus 


I  to  IOOO  remote  servers  are  within  your  reach 

Over  IR  Fibei^or  Cat 

Access '^jrserver(s)  from  ANYWHpft€ 
with  the  push  of  a  button!  Jk  ; 
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UltraLink™ 
REMOTE  KVM  ACCESS  OVER  IP 

Connect  to  remote  computer  over  Ethernet  or  dial-up 
;  *  Single,  dual,  quad  models 

Local  KVM  port  to  access  computers  at  UltraLink  unit 
Modem  port  with  dial-back  security 
Up  to  1280x1024  resolution,  supports  all  platforms 

Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 

SSL  security  and  passwords  prevents  unauthorized 
access 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+65  6324  2322 


WWW.ROSE.COM 


CrystalView™  Mini 
CAT 5  KVM  EXTENDER 

♦  Extends  KVM  station  up  to  150 
feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 


CrystalView™ 

CAT 5  KVM  EXTENDER 

♦  Extends  your  KVM  station  up  to 
1000’  from  your  computer 

♦  Supports  PC,  Sun,  or  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 


4%ROSE 

A^^ELECTRONICS 


♦  Up  to  1280x1024  resolution 


♦  Up  to  1 600  xl  200  resolution 

♦  Available  as  standalone,  rack 
mounted,  or  high  density  chassis 


CrystalView™  Pro 
DIGITAL  KVM  EXTENDER 
OVER  FIBER  OR  CAT  5 


♦  Extends  KVM  signals  up  to  33,000 
feet  away 

♦  Uses  only  two  fibers  or  single  Cat  5 

♦  Supports  DVI/VGA,  PC.  Sun,  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1 200  resolution 


CrystalView™  Rack 
CAT 5  KVM  EXTENDER 

♦  Extends  the  distance  from  6  or  1 2 
PC's  up  to  1 000  feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1200  resolution 


Rose  Electronics  *  10707  Stancliff  Road  •  Houston.  Texas  77099 
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5dtSearch 


dtSearch 


Instantly  Search 


dtSearch 


Industrial-strength. 

superb"-PC 


♦  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  and  full-text  search  options 

♦  highlights  hits  in  HTML  and  PDF  while  displaying  embedded  links, 
formatting  and[[|jMi'|;fl 

♦  converts  other  file  types— word  processor,  database,  spreadsheet,  email 
ZIP,  XML,  Unicode,  etc.— to  HTML  for  display  with  highlighted  hits 

♦  developer  products  have  easy  wizard-based  setup;  optional  API 


dtSearch 


'Industrial-strength.. 
SUperb”— PC  Magazine 


dtSearch 


Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center 


Industrial-strength., 
superb”— pc 


Very  powerful ...  a  staggering  number  of  ways  to  search 
-Windows  Magazine 


dtSearch 


Intuitive  and  austere  ...  a  superb  search  tool 


■PC  World 


Industrial-strength.. 
SUperb”— PC  Magazine 


dtSearch  “covers  all  data  sources ...  powerful 
Web-based  engines”  -eWEEK 


dtSearch! 


Blindingly  fast”  -Computer  Forensics:  Incident  Response  Essentials 


A  powerful  text  mining  engine  ...  effective  because  of  the  level 
of  intelligence  it  displays”  -PCAl 


’Industrial-strength., 
superb”— PC  Magazine 


In  the  past  year  alone,  over  half  of  the  current  Fortune  10 
have  purchased  developer  or  network  licenses. 


'Industrial-strength... 
SUperb”— PC  Magazine 


Seewww.dtsearch.com  for: 

♦  developer  case  studies 

♦  fully-functional  evaluations 


1  -800-IT-FINDS 

sales@dtsearch.com 


Text  Retrieval 
Engincil 

♦  for  Win  &  .NET. 


images 


RMONS  PROBE 


Complete,  Industry  Standard,  Software-Based  RM0N2  and 
RM0N1  Probe  for  Windows  98/Me/NT/2000/XP 


•  Low  cost,  complete  RMON  monitoring  for  remote  sites  or 


segments. 

•  Software-only,  non-dedicated  data  collection. 

•  Pure,  full  RMON  1  and  2  support.  Complete  implementation  of 
both  RMON  1  and  2  for  Ethernet  (10/100)  and  Token  Ring  (4/16). 

Full  adherence  to  RFCs  1513,  1757,  2021  and  2074. 

•  Runs  as  a  service  on  Windows  NT/2000/XP. 

•  Works  with  ANY  RMON  management  console  or  collection  facility 
(Observer  ',  OpenView  *.  Concord  ,  NetScout etc.). 

•  Compatible  with  Network  Instruments'  optimized  ErrorTrack""  NDIS 
drivers  display  true  errors-by-station. 

•  Multiple  concurrent  network  interface  monitoring  (up  to  10). 

Why  pay  thousands  more  for  the  same  data? 

Call  800-526-7919  for  information,  or  see  our  web  site  at: 

www.networkinstruments.com 

©  2001  Network  Instruments,  LLC  -  Corporate  Headquarters  (952)  932-9899  FAX  (952)  932-9545 
UK  and  Europe  +44  (0)  1959  569880  FAX  +44  (0)  1959  569881  info@networionstruments.com  www  networkinstruments  com 
Network  Instruments  and  the  “N”  logo  are  registered  trademarks  of  Network  Instruments.  LLC  Minneapolis.  MN  USA 


Power  Control 


Verify  Amps  Used  per  Circuit 
with  Sentry  Input  Current  Monitor 

1  Precisely  measure  the  current,  in  amps,  : 
for  each  power  circuit 

1  •  Prevent  overloads  on  existing  power  circuits 
1  Reduce  costs  for  additional  power  circuits 
1  Overcurrent  alarms 
1  Remote  Measurement  via  IP  or  RS-232 
1  Local  Measurement  via  digital  display  .• ' 


Sentry  Power  Tower.  Equipment' 


■ 

Server  Technol  ogy,lnc 


1040  Sandhill  DriVe  Reno,’  Nevada  jBWf  l., USA  ||| 
web:  www.servertech.com  toll  free:  I.800.‘83.5>i5i5  ,.‘n 
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OptimumDatalnc. 

www.optimumdota.com 


Make  the  Smart  Choice, 

_  Trust  the  Experts  ■ 

^Continental 


order  now:  310-416-1200 

or  visit 

www.ContiComp.com 

We  Specialize  In... 

Cisco  Systems 


COMPUTERS 


Smct  !*M 


Authorized 
Reseller 

These  logos  are  •  tademart  o I  too*  respect**  comparees  and  services. 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fox:  +1  402575  2011 


1 20/ Day  WpcfaBIy 

Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 


TOvn 

See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods.  Gifts 
Pens.  Clocks.  Lightens.  Games 

www.suitcase.com 


FIBEROPTIC 

SOLUTIONS 

»  T  l/EI  &  T3/E3  Modems 
«  RS-232'422'485  Modems  and 
Muitipicxers 

»  iHM  t?70  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  IAN  -  ArcnevTthernetToken  Ring 
»  Vjdco'AudvVHuhs/Repca’.crs 

•  ISO-9001 

s.iTECH 

loti  tree  *66-sn«*-l 
M30tl-3*M.  Fu  fcXF*l5644 

*w  mccnribct  ton 


&  gW 

Advertise  in  the 
Marketplace  and  watch 
your  sales  come 
pouring  in! 


Call  Direct  Response 
Advertising 


1-800-622-1108 
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We  Buy  &  Sell 

Cisco 


1-8riUttH-3Zai| 


COMPAQ. 


=  FEDCOAffajSA  = 

Your  #1  Source  -  Since  1990 
770-772-6000 


,,  \  *  "giT 

Advertise  in  the  Marketplace 

and  watch  your  sales  come 
pouring  in! 

Call  Direct  Response  Advertising 
1-800-622-1108 


Attn:  Network  Technitians 


Capture  and  Generate  Packets 
Simulate  Network  Loads 
Monitor  Network  Utilization 
Test/View  DHCP 
Operations/Settings 
and  more... 


With  the  touch  of  your 
stylus  and  our  handheld 
network  analyzer  kit 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


Truckload 

Sale 


NORTEL 

NETWC 

Say  Networks 

Fax  Equipment  List  To  801-377-0078 


888-8LANWAN 

c«ii  (o,  f,«  Quote!  (888-852-6926)  www  nle.com 


in  the 
Marketplace  and 
watch  your  sales 
come  pouring  in! 


Call  Direct  Response 
Advertising 
1-800-622-1108 


"  r 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


I  Transceiver 

(615)  726-8779 

I  wmv.tninscender.com 
Award-winning  practice  exams 
for  IT  certification 


MeasureUp 

(678)  356-5000 

1  www.measureup.com 

1  Certification  Practice  Tests 

Learnkey,  Inc. 

(800)  865-0165 
|  www.leamkey.com 
Self-paced  online  CD  network 
I  certification  developer  bus/apps 


|  CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Inexpensive  training  videos  on  CD. 

MCSE,  MCDBA,  MCSD,  Cisco  CCNA,  Linux,  A+,  Net+ 


IPexpert,  Inc. 

(866)  225-8064 
www.ipexpert.net 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 
CCNP,  CCNA,  and  IP  TELEPHONY 


l  'JlldiJJ 


(J00)  'y 1 J OJ 
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World  NetSmart  Learning  Partner 


The  new 


itcareers.com 


and 


CareersJoumal.com 


combined 


jobs  database 


can  help  you 


find  one. 


Check  us  out! 


www.itcareers.com 


Programmer  Analysis  Green¬ 
wich  Village  Fish  Co.  Inc.  has 
openings  for  Programmer 
Analysts  for  Iocs  in  NY.  Analyze, 
dsgn.  dvlp.  test  &  implmt  s/ware 
&  web  based  applies  using  MS 
Access.  MS  SQL,  ASP.  XML, 
HTML/DHTML.  C++,  VB  Script. 
Jscript,  Netscape  Composer, 
Tango  Creator,  &  Visual 
InterDev.  Pos  req  Bach  in  Elec. 
&  Comp  Eng  or  Comp  Sci  w/2 
yrs  exp.  Must  have  legal  author¬ 
ity  to  work  in  US.  Excellent  pay 
&  benefits.  Email  resume 
w/proof  of  work  status  to: 
apply@citarella.com 


Unix  Systems  Analyst: 
SunManagement 
Center,  BMC  Patrol 
on  a  Sun/Solaris  plat¬ 
form.  Experience  with 
Application  readiness 
service.  Please  send 
resumes  to  ahilenski 
@sigconsult.com. 


Amtex  provides  high-quality 
end-to-end  software  solutions. 
We  need  IT  professionals  work 
on  SADI,  WC,  and  EDB  system 
with  Rational  Rose,  JAVA  with 
STRUTS  framework,  Data 
Access  Objects  to  access 
Stored  Procedures  written  in 
COBOL.  Contact: 
info@amtexsystems.com.  EOE 

Picobyte  Consulting  is  looking 
for  programmer/system  ana¬ 
lysts,  software/project  engi¬ 
neers.  We  require  BS/MS  with  at 
least  1-year  experience  in  the  IT 
field.  Strong  skills  in  EJB, 
Oracle,  VB,  SAP,  Java,  SQL  pre¬ 
ferred.  Send  resumes  to  1500  S. 
6th  St.  Ste.  B,  Springfield,  IL 
62703.  EOE. 


PROGRAMMER  ANALYST  - 
Analyze,  design,  program, 
implement,  support  advanced 
computer  applications  utilizing 
Java-based  CORBA,  Swing, 
Java,  Java  Script,  XML,  HTML, 
Weblogic  application  server 
under  UNIX  and/or  Windows 
operating  environment  for 
client/server  and/or  internet- 
related  applications.  Respon¬ 
sible  for  migration  issues  con¬ 
verting  from  BOA-based 
CORBA  to  POA-based  CORBA 
&  integration  of  enterprise  sys¬ 
tems  &  legacy  systems.  Req. 
Bachelors  in  Comp.  Sci.,  MIS,  or 
Engg  (any  field)  plus  2  yrs  exp. 
Contact:  International  Systems 
Technologies,  Inc.,  1812  Front 
Street.  Scotch  Plains.  NJ  07076 


Snake  Eye  Inc.  (Houston,  TX)  is 
seeking  Database  Administrator. 
6  mon.  exp.  using  Visual 
InterDev  6.0,  Frontpage, 
Photoshop  6.0,  and  Oracle. 
Send  resume  to  9300C  Harwin 
Dr.,  Houston,  TX  77036  or  713- 
278-9588(F).  Attn:  Mike. 
Southern  Chinese  Newspaper 
Publishing  Co.  (Houston,  TX)  is 
seeking  computer  programmer. 
6  mon.  exp.  using  Chinese 
Windows.  Send  resume  to 
11122  Bellaire  Blvd,  Houston, 
TX  77072  or  281-498- 
2728(F)/281 -498-431 0(T).  Attn: 
Jean  Lin 


Software  Engineer.  Research,  de¬ 
sign,  develop,  install  microproces¬ 
sor-based  soil-testing  unit  software 
systems,  including  fund  specs, 
high-level  design,  prototype  prep., 
board  design  &  layout.  Analyze 
software  reqs.  Hardware  prod.  dev. 
Pacal,  C++.  Assembler  prog.  Mod¬ 
ule  &  unit  testing.  Reqs:  Master's  or 
foreign  equiv.  in  Mngmnt  Info 
Systems  or  Comp.  Sci  &  4  yrs  exp 
as  Software  Eng.,  Comp  Prog  ,  or 
Software  Dev.  Exp.  which  may 
have  been  obtained  concurrently 
must  include  4  yrs  exp.  in  C++. 
Pascal.  Assembler  EOE  40 
hrs/wk.  Send  resume  to  Sasha 
Kron,  Kron  Management  Consult¬ 
ing,  Inc.,  1120  Coronation  Drive, 
Dunwoody,  GA  30338. 


IT  Positions  -  Oracle, 
VB/ASP  Access,  C/C++, 
Visual  C++,  Cobol,  J2EE 
Framework,  Java  Script, 
HTML,  DB2,  Unix,  Web 
Interface,  IMS,  CICS,  IBM 
mainframe,  TeamCenter 
Enterprise,  Matlab.  Send 
resume  to  EASi 
Engineering,  1551  E. 
Lincoln  Ave.,  Madison 
Heights,  Ml  48071,  or  email 
to  Recruiter@easiusa.com. 
Must  include  Ref 
#:SP0803IT.  No  calls.  EOE. 


Applesoft,  Inc.,  seeks 
qualified  software  devel¬ 
opers  and  analysts  for 
projects  in  Taylorsville, 
Utah  &  other  locations  in 
the  US:  B.S.  +  2  yrs  exp. 
Send  resume  to  HR, 
721  W.  Sunny  River 
Rd.,  #428,  Taylorsville, 
UT  84123. 


Corpus  has  multiple  openings 
for  IT  professionals.  Following 
skills  preferred:  Oracle,  SQL, 
PL/SQL,  COBOL.  C/C++,  VB. 
SAP,  Java,  XML,  ERP,  ASP,  NT, 
XSL.  Minimum  BS  degree. 
Traveling  is  required  for  some 
positions.  Please  send  resumes 
to  info@corpuslnc.com.  EOE. 

Aluminum  Blanking  has  open¬ 
ings  for  system  or  programmer 
analyst  responsible  for  Oracle 
database  administration  & 
Intranet  management.  Candi¬ 
dates  must  have  BS  with  exp.  in 
Oracle  DBA.  We  offer  competi¬ 
tive  wage  with  full  benefits. 
Please  contact: 
landerson@albl.com.  EOE 


Programmer  Analyst:  Ana¬ 
lyze,  dsgn,  dvlp,  implmt,  test, 
document  &  maintain  s/ware 
applies  using  MTS,  DTS, 
COM/DCOM,  XML/  XSLT, 
Business  Objects,  Crystal 
Reports  ASP,  Java,  VBScript, 
RDS,  IIS  Administration, 
Erwin,  C,  C++  &  InstallShield. 
Bach  in  Engg  or  its  foreign 
academic  equiv  +  2yrs  exp  in 
job  offd.  Res:  Office  Mgr, 
Artilligence,  4142  Ogletown- 
Stanton  Rd,  #230,  Newark, 
DE  19713.  Fax:  603-372- 
2771. 


Transportation  co.  in  Chicago,  IL 
involved  in  tank  container  leas¬ 
ing  looking  for  Sr.  IT  Manager  for 
Tank  Div.  Qualified  candidate 
will  manage  functional  technical/ 
business  operations  of  IT  Div. 
Manage/  implementation  of 
new/enhanced  0.0.  Client 
Server  applic  used  for  co.'s 
tracking/billing  systems.  Adm. 
specialized  systems  applic. 
throughout  regional  offices. 
Supv./train  professionals  in  IT 
projects.  Prev.  exp.  must  include 
technical  analysis,  design, 
development  &  supervision  of  IS 
conversion  projects  as  applied 
to  tank  leasing  or  transportation 
industry  combined  w/operational 
mngmt.  exp.  Computer  tools/ 
skills  required-exp.  w/any  3  of 
the  following:  Legacy,  Forte, 
Crystal,  Oracle,  NT  Server, 
People  Soft  plus  at  least  6 
months  experience  with  Java, 
SQL  Server,  Business  Objects  & 
Great  Plains.  Bachelors  (U.S., 
foreign  or  equiv.  training,  edu.  & 
exp.)  in  Bus.  Adm.,  MIS  or 
Comp.  Sci.  w/3  yrs  exp.  in  job 
offered  or  as  a  Project  Manager, 
Business  Support  Analyst  or 
System  Analyst.  Send  Resumes 
via  email  to  Union  Tank  Car 
Company  at  recruit@marmon.com. 
No  calls  please. 


Systems  Analyst  wanted  by 
MLCO.  Manage  day-to-day 
operation  of  e-commerce  appli¬ 
cation  sys.;  coordinate  with  pro¬ 
ject  managers  to  develop  strate¬ 
gic  enhancements  and  translate 
custom  business  rules  into  fea¬ 
sible  technical  solutions;  respon¬ 
sible  for  design,  development, 
testing  and  deployment  of  all 
enhancements  to  multi-tier  e- 
commerce  application  &  design 
and  implementation  of  custom 
integration  solutions  with  busi¬ 
ness  partners:  upgrade  applica¬ 
tion  level  security:  collaborate 
with  technical  team  to  integrate 
application  with  existing  func¬ 
tionality  of  legacy  sys.  Requires 
a  BS  in  Comp.  Sci.  &  2  yrs  exp. 
in  application  development  &  e- 
commerce  consulting  &  data¬ 
base  admin.  &  expertise  in  BEA 
WebLogic  Server  8.1  &  J2EE 
Application  development  & 
Microsoft  SQLServer  2000. 
Respond  to:  Mike  Kunz,  Michael 
Lewis  Co,  201  Mittel  Drive, 
Wood  Dale,  IL  60191. 


Assistant  Network  Administrator 
Administer  Novell  Netware, 
Macintosh  Apple  Share  IP 
Server,  Email  Server,  Microsoft 
SQL  Server,  Microsoft  IIS  & 
Java  2  Enterprise  Ed.  Server. 
Program  web  appli.  in  ASP,  JSP, 
&  Java.  Database  design  & 
analysis  in  Microsoft  SQL 
Server,  Visual  dBase.  mySQL,  & 
Microsoft  Access.  B.S.  in  CS  or 
rel.  &  abil.  to  use  C++,  HTML, 
Java,  ASP,  JSP,  mySQL,  CFML. 
UNIX,  Linux,  VB.  Scheme, 
ColdFusion  Studio.  40hr/wk.  9- 
5.  Send  resume  to:  Ms.  Cindra 
Tan.  VP  Finance,  Bennett  Kuhn 
Varner,  Inc.,  2964  Peachtree 
Road,  Ste.  700,  Atlanta,  GA 
30305 


Portal  Content  Analyst  -  Re¬ 
sponsible  for  analyzing,  evaluat¬ 
ing  and  developing  content  for 
Spanish  portal  (website)  of 
BellSouth.net.  Master's  degree  in 
Computer  Science,  Computer 
Information  Systems  or  related 
field  required  and  one  year  expe¬ 
rience  in  systems  and  web  con¬ 
tent  analysis  OR  Bachelor's 
degree  In  stated  fields  and  three 
years'  of  stated  experience. 
Must  be  fluent  in  Spanish. 
Please  forward  resume  to  Attn: 
Lisa  Burlingame,  BellSouth, 
2247  Northlake  Parkway.  Suite 
800,  Tucker,  Georgia  30084. 
Please  do  not  email  or  fax 
resumes.  EOE. 


SENIOR  PROGRAMMER  ANA¬ 
LYST:  (Retirement  Products  & 
Services)  Participate  in  projects 
leading  to  the  analysis,  design, 
enhancement  and  modification 
of  financial,  business  and  man¬ 
agement  systems,  applications 
and  programs.  Respons. 
include:  analyzing  pertinent 
data,  information  and  modes  of 
operation;  evaluating  existing 
and  proposed  systems;  translat¬ 
ing  comprehensive  business 
requirements  into  detailed  func¬ 
tional  specifications.  Duties  incl.: 
develop  and  test  systems  solu¬ 
tions;  write,  test  and  debug 
progams;  provide  support  in  the 
implementation  process;  define 
systems  parameters;  prepare 
SW/end-user  documentation; 
provide  training,  troubleshooting 
and  technical  support  services: 
install  and  maintain  mainframe 
systems;  and  complete  applica¬ 
tion  development  for  financial 
services  products.  Daily  use  of 
Cobol  II.  PL-SQL,  JCL,  CICS, 
VSAM  and  TSO/ISPF.  Min. 
Reqt's;  BS/BA  (foreign  equiva¬ 
lent  accepted)  in  CS,  EE  or 
related  field  of  study  plus  2 
years  exp.  in  job  offered  or  2 
years  exp.  in  related  occupation 
(i.e.  Programming  or  Systems 
Analysis).  MUST  possess 
demonstrated  expertise  in  the 
following:  (1)  Major  system 
installation  including  develop¬ 
ment,  implementation,  and 
maintenance  of  mainframe  sys¬ 
tems;  (2)  Applications  develop¬ 
ment  for  financial  services  prod¬ 
ucts  and  industry,  including 
financial  reporting;  and  (3) 
Programming  and  analysis 
using  multiple  mainframe  tools 
and  utilities  including;  Cobol  II, 
PL-SQL,  JCL,  CICS,  VSAM  and 
TSO/ISPF.  Basic  salary  pay 
range  is  $55,500-65,000  per 
year  FT  and  standard  company 
benefits.  EEO.  Submit  2 
resumes  and  respond  to  Case 
No.  2002-02298,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114. 


Senior  Software  Engineer, 
working  as  a  senior-level  individ¬ 
ual  contributor  in  various  pro¬ 
jects,  will  design,  code,  test  and 
deliver  sophisticated  web- 
based  n-tier  client/server  J2EE 
applications  utilizing  Java 
Servlets,  EJBs  and  JSPs  for  the 
Company's  multiple  channel 
platform  catering  to  wireless 
devices,  interactive  television 
and  conventional  browsers.  Will 
be  responsible  for  assessing 
specific  user  requirements,  and 
then  defining  system  and  appli¬ 
cation  specifications  to  meet 
end-user  needs.  Will  participate 
at  senior  level  in  each  phase  of 
project  life  cycle  development, 
and  will  integrate  web-based 
applications  and  systems  from 
the  concept  phase  through  post¬ 
implementation  performance 
monitoring,  Will  perform  object- 
oriented  analysis  and  software 
design.  Will  coordinate  with 
release  engineering,  quality 
assurance  and  internet  security 
departments  to  ensure  success¬ 
ful  implementation  in  pre  and 
post  production  stages. 
Requires  Bachelor's  or  equiva¬ 
lent  in  Computer  Science, 
Engineering,  Mathematics,  or 
Physics  and  three  (3)  years  in 
job  offered  OR  three  (3)  years 
experience  in  web-based 
client/server  development. 
Candidate  must  also  possess 
demonstrated  expertise  in 
object  oriented  design  and 
analysis;  demonstrated  exper¬ 
tise  developing  n-tier  J2EE  web- 
based  applications  using  Java 
Servlets,  EJBs  and  JSPs;  and 
demonstrated  expertise  pars¬ 
ing,  validating  and  transforming 
XML  data  using  XSL  transfor¬ 
mation.  Salary:  $79,900/yr,  M-F, 
9AM-5PM.  Send  2  resumes 
to  Case  #200202693,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  fl„  Boston,  MA  02114. 
EOE.  Applicants  must  be  U.S. 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S. 


SENIOR  PROGRAMMER  ANA¬ 
LYST:  (Ancillary  IS  Support 
Dept  )  Formulate  and  define 
systems  scope  and  objectives  in 
order  to  purchase,  design, 
develop  or  modify  information 
systems.  Respons  &  duties  incl: 
ID  and  analysis  of  business 
requirements  geared  towards 
applying  computer  technology  to 
business  processes;  creating 
functional  specifications  and 
programming  to  these  specifica¬ 
tions  where  no  suitable  vendor 
solution  has  been  identified  to 
solve  business  problem;  vendor 
application  software  research 
and  valuation;  installation  and 
customization  of  vendor  pack¬ 
ages  as  required  by  business 
community;  system  integration 
as  required  by  business  func¬ 
tionality:  creating  functional 
specifications  and  programming 
conversion  and  interface 
processes;  analysis,  preparation 
of  documentation  and  presenta¬ 
tion  to  the  Technology  Planning 
committee  on  SW  application 
systems  requested  to  be  devel¬ 
oped/purchased  by  the  business 
community;  act  as  a  liaison 
between  business  personnel  in 
the  ancillary  departments  and 
outside  vendors.  Central  IS  or 
other  business  units'  IS  commu¬ 
nities  on  any  IT-related  issues; 
and  provide  administrative  func¬ 
tionality,  training  and  application 
support  for  vendor  packages, 
where  appropriate.  Min.  Reqt's: 
BS/BA  (foreign  equivalent 
accepted)  in  CS,  EE  or  related 
field  of  study  plus  2  years  exp.  in 
job  offered  or  2  years  exp.  in 
related  occupation  (i.e. 
Programming  or  Systems 
Analysis).  MUST  possess 
demonstrated  expertise  in  the 
following:  (1)  Major  system 
installation  including  develop¬ 
ment,  implementation,  and 
maintenance  of  distributed  sys¬ 
tems;  (2)  Programming  and 
Database  develop,  with:  VB/C, 
Powerbuilder.  MS  SQL  Server 
and  Access  databases;  (3) 
Applications  development  for 
financial  services  products  and 
industry  including  financial 
reporting;  and  (4)  Using  Crystal 
Reports.  PVCS  Dimensions, 
HTML  and  UNIX.  Basic  pay 
range  is  $55,500  to  65,000  per 
year  FT  and  standard  company 
benefits.  EEO.  Submit  2 
resumes  and  respond  to  Case 
No  2002-02290,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114 


Engineer,  Video  Soft¬ 
ware.  Must  have  min. 
4yr  exp  in  computer- 
based  video  prodetn  & 
editing,  w/technical 
knowl  of  lineal  &  non-lin¬ 
eal  Media  100  Systms  & 
Fiber  Channel  N/work 
Integrator  S/ware.  Fax 
res:  WNV  Sales,  305- 
358-3116,  Attn:  Ms. 
Guttierez. 


Systems  Analyst  (2 
Position)  Design,  analysis 
and  development  of  web 
and  other  applications  with 
the  focus  on  E-commerce 
solutions  using  VB,  Oracle 
and  connectivity  with  MS 
SQL  database.  Req. 
BS/BBA  with  2  yrs  of  exp. 
Resume  to  Ambason  Inc., 
681  Troy  Schenectady 
Road,  Latham,  NY  12110. 
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ND  based  IT  company  has 
openings  for  Software 
Engineers  &  DBA's:  (Multiple 
openings):  Research.  Analyze. 
Design,  develop,  test,  diagnose, 
and  implement  various  business 
applications 

Real  time  OS  Vx  Works, 
Networking  Protocols,  People- 
Soft  HR/Financials,  IPSEC,  IKE, 
BAAN  ERR  BAAN  tools,  SAP 
r/3  and  ABAP/4,  Oracle 
8.x/9.x/11.x,  Sun  Solaris  2.8, 
Ventas  Clustering,  Oracle 
Utilities.  Unix  Shell  Scripting. 
PL/SQL,  Erwin  Data  Modeling/ 
Designing.  Web  Technologies 
like  J2EE.  JDBC/ODBC.  Web 
sphere,  EJB,  COM/DCOM, 
C/C++,  MS  SQL  Server,  UNIX, 
J2EE  Architect/Team-Lead 
experience  in  implementing 
financial  applications  on  HP- 
Tandem  Non-stop  systems. 
Product  Administration  System 
SABLIME.  Business  Objects 
5.1.5,  Data  Warehousing, 
Informatics  -  Power  Center  5.1, 
SAS  8,  Teradata  Utilities,  Erwin, 
Power  Mart5.1  /  PowerCenter  5, 
Data  Junction,  Cognos 
Impromptu  7.0,  JD  Edwards, 
WinRunner  6.0,  Test  Director 
6.0,  Silk,  Load  Runner,  Rational 
Suite,  SQA  Suite. 

DBAs  must  have  experience  in 
installation,  migration,  moving, 
setup,  monitoring  and  trouble 
shooting  of  various  database 
applications.  May  require  travel 
to  client  sites.  Software 
Engineer  $$78,000  &  up; 

DBA:$60,000  and  up.  Mail 
resume  to  212,  South  4th  Street, 
Suite#  202,  Grand  Forks,  ND 
58201 


Lead  SW  Dev  Eng  (Denver,  CO) 
-  Lead  in  the  team  effort  to 
design/develop  computer  SW 
programs  using  SW  program¬ 
ming  languages  &  tools  incl. 
C/C++  on  UNIX  &  Sybase  open 
server/open  client  libraries 
implemented  in  multiple  plat¬ 
forms  w/multiple  application 
interfaces.  Design/develop  GUI 
for  user  interaction  Perform 
data  communication  program¬ 
ming  using  TCP/IP,  MQ  Series  & 
Remote  Procedural  Calls  (RPC) 
for  interprocess  communication 
&  communicating  w/different 
telecom  switches  (Network 
Elements).  Design/develop  user 
database  in  Sybase.  Work  w / 
modeling  &  architecture  groups 
to  explore  system  design  trade¬ 
offs  &  to  develop  optimization 
procedures  for  improving  net¬ 
work  provisioning  efficiency  & 
reducing  total  costs.  MS  Comp 
Sci/Eng/related  +  working/theo¬ 
retical  knowledge  of:  Comm¬ 
ercial  grade  SW  development  in 
UNIX  environment  using  C/C++ 
&  Sybase  open  server/  open 
client  libraries;  Data  communi¬ 
cation  programming  using 
TCP/IP,  MQ  Series  &  RPC; 
Sybase  database  application 
programming  using  stored  pro¬ 
cedures;  Basic  knowledge  of 
Telecom  switch  (Network  ele¬ 
ment)  interfaces.  $81 ,900/yr,  M- 
F  8-5.  Resume  only  to 
Workforce  Development 

Programs,  PO  Box  46547, 
Denver,  CO  80202.  Ref. 
Job#CO5053475. 


SYSTEMS  ANALYST 
Analyzes  user  requirements, 
procedures  and  problems  to 
automate  processing  or  to 
improve  existing  computer  sys¬ 
tems  Bachelor's  degree  in  com¬ 
puter  science,  engineering  or 
math-related  and  2  yrs.  experi¬ 
ence  in  Visual  Basic.  ASP. 
Microsoft  Piumtree  Corporate 
Portal  3.5.  Web  objects  3.0. 
Must  be  able  to  travel  Apply  by 
resume  only  to  Murali  K 
Suddala.  Capricorn  Systems 
Inc  3569  Habersham-at  - 
Northlake,  Building  K,  Tucker. 
GA  30064 _ 


Senior  Software  Engineer  to 
design  &  implement  reliable, 
scalable  server  that  supports  the 
Internet-wide  deployment  of 
peer-to-peer  clients.  Utilize 
Object  Oriented  programming 
and  an  expert  knowledge  of  C++ 
in  Windows  and  Unix,  Min. 
req’s:  M  S.  in  Comp.  Sci.  or 
rel.field;  andl  yr.  experience  in 
the  job  offered  or  in  a  related 
position  working  with  Windows 
&  Unix  systems  &  network 
development  in  C++.  Special 
req’s:  ability  to  understand  & 
communicate  complex  technical 
topics;  experience  w/design  & 
implementation  of  network  pro¬ 
tocols,  operating  systems,  dis¬ 
tributed  algorithms  &  compilers. 
Must  have  unrestricted  autho¬ 
rization  to  work  in  U  S.  M-F,  9 
am  -  5  pm,  40  hrs/wk.  Salary: 
$81,235.  An  EOE.  Send  2 
copies  of  resume  to  Case  No. 
200202100,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FL., 
Boston,  MA  02114. 


Application  Developer.  NY,  NY. 
BS  in  Comp.  Sci.  w/1  yr  exp  in 
job  or  as  Applicat'n  Pgmr  Anlyst. 
Dsgn,  dvlop,  &  deploy  large- 
scale  r/time  web  based  appli¬ 
cat'n  using  PERL,  RDBMS, 
FASTCGI,  JAVA  on  SOLARIS 
platfrm.  Share  &  syndicate  mkt 
dta  using  XML  based  dta 
exchange  tech  as  SOAP  & 
WDDI.  Re-dsgn  &  modify  WSS 
C/C++  server  applicat'n  &  JAVA 
applet  client  applicat'n  w/adv 
TCP/IP  socket  progmng. 
Support  &  maintain  dta  feed 
using  TFN  Firstcall,  COMTEX  & 
DowJones.  Prfm  optimizt'n  & 
dta  mining  using  ETL  &  SQL. 
Dvlop  &  provide  solut'n  to 
investor  using  IT  tech  &  finncial 
mkt  info,  such  as  institutional 
holding,  portfolio  mgmt, 
SEC/EDGAR  filing,  insider 
transact'n.  Send  resume  to  Mr. 
Chun,  Wall  Street  Source,  LLC, 
120  Broadway,  27th  FL,  NY,  NY 
10011. 


Conviso,  Inc.  delivers  reliability, 
economy  and  quality.  We  are  look¬ 
ing  for  the  following  position. 

Software  Quality  Analyst:  Establish, 
provide  and  advocate  the  Quality 
Assurance  practices  for  software 
development  and  testing.  Review 
applications,  systems,  processes 
pertaining  to  product  execution  and 
implementation.  Execute  multiple 
functional,  security,  data-integrity. 
including  test  automation.  Test 
tools  and  techniques  of  Win 
Runner,  Test  Director.  Simulate 
load  test  using  the  Testing  Tool 
Load  Runner.  Create  quality  test 
documentation  like  test  plans,  test 
cases,  test  matrix  and  test  reports. 
Required  Bachelor's  in  Computer 
Science  or  related  field  and  2+ 
years  of  experience. 

Send  resume  to:  Human  Re¬ 
sources,  Conviso,  Inc.,  9211  Reid 
Lake  Dr  .  Houston.  TX  77064  E- 
mail:  corphr@houston.rr.com 


Senior  Software  Automation  Qual¬ 
ity  Consultant  -  Responsible  for  de¬ 
veloping,  applying  and  maintaining 
quality  standards  for  software  appli¬ 
cations  Develop  and  execute  Auto¬ 
mated  software  test  plans  exten¬ 
sively  utilizing  Mercury  Interactive 
WinRunner,  LoadRunner,  Test- 
Director  Analyze  software  statically 
and  dynamically  using  McCabe 
Extensive  Global  Distribution  Sys¬ 
tem  knowledge  is  required.  Masters 
Degree  in  Computer  Science  or  ref 
evant  field  with  4  years  of  work  ex¬ 
perience  in  related  occupation  40 
Hrs/week  ,  $70,000/annum  Must 
be  willing  to  relocate  to  vanous  un¬ 
anticipated  work  locations  through¬ 
out  the  USA  every  4  to  10  months, 
employer  paid  Must  have  proof  of 
legal  authority  to  work  in  the  United 
States  Send  your  resumes  to  the 
Iowa  Workforce  Center.  215  Wat¬ 
son  Powell  Jr  Way,  #100.  Des 
Moines.  Iowa  50309-1727  Please 
refer  to  Job  Order  IA1101776 
Employer  paid  advertisement 


Company  engaged  in  the  dev.  of 
global  portfolio  mgmt,  trading 
and  compliance  s/w  seeks  a 
Product  Specialist/Business 
Analyst  to  utilize  sophisticated 
understanding  of  bus.  and 
finance  as  well  as  knowledge  of 
financial  s/w  common  to  the 
industry  including  Reuters, 
Bloomberg,  Market  Guide  and 
First  Call  to  test  co.  s/w  products 
from  an  end-user  perspective. 
Heavy  interaction  with  clients 
and  devlpmt,  of  specs  for  new 
product  features.  Manually  test 
features  within  the  context  of 
trading  workflows  and  work  with 
customers  in  the  finance  and 
trade  industry  to  elicit  feedback 
on  features'  functionality  and 
quality.  Duties  also  include  sup¬ 
port  of  in-house  Acct  Imple¬ 
mentation  Mgmnt,  Development 
&  Technical  Support  teams  and 
providing  bus.  level  support  on 
complex  issues.  Salary  in 
$82,000/yr.  F-T  (40  hrs./wk)  Min 
Req:  No  exp  necessary.  Masters 
in  Finance  or  related  and  knowl¬ 
edge  of  financial  s/w  applica¬ 
tions  common  to  the  industry 
including  Reuters.  Bloomberg 
First  Call,  and  Market  Guide 
required.  Please  respond  with 
two  (2)  copies  of  your  resume  to 
Case  #  200202660,  Labor 
Exchange  Office.  19  Staniford 
St,  1st  FI,  Boston,  MA  02114. 


Market  Research  Analyst 

Research  market  conditions 
for  computer  sales  and  con¬ 
sultancy  firm.  Determine 
potential  sales  of  products 
and  services.  Gather  infor¬ 
mation  on  marketing  methods 
and  distribution,  price  and 
sales.  Liaison  with  foreign 
government  officials  in 
Nigeria  and  Sierra  Leone  to 
obtain  information.  40  hrs/wk, 
no  OT„  11  months  experience 
in  above.  Send  resume  to 
Quest  Corporation,  512  East 
Jefferson  St.,  Fort  Wayne,  In 
46802.  No  Phone  Calls. 


Software  Enginees  to  design, 
develop,  test  wireless/web  soft¬ 
ware  systems  &  services  for 
devices  including  WAP  Phone, 
Pocket  PC's,  etc.  using  Java, 
JSP,  VB,  VBA,  SQL,  Web 
Servers,  Weblogic,  HTML,  MS 
Access  and  WCTP  under 
Windows,  UNIX  OS;  perform  req 
analysis  to  determine  tech,  fea¬ 
sibility;  study/evaluate  new 
tech./methodologies;  provide 
guidance  for  complex  user 
problems.  Require:  M.S.  in 
CS/Engg.  (any  branch). 
Competitive  salary.  F/T. 
Respond  to:  HR,  Air2Web,  Inc., 
1230  Peachtree  Street  NE, 
Promenade  II,  12th  FI. ,  Atlanta, 
GA  30309. 


Nexus  Innovative  Solutions  Co 
seeks  Database  Administrators 
to  design,  configure  and  man¬ 
age  Oracle  Databases  &  Appln 
Srvr  on  UNIX  &  Windows.  Also 
responsible  for  Windows  srvr 
admin;  building  online  learning 
(LMS)  solutions  by  applying 
SME  on  eLearning  sys  &  imple¬ 
menting  SCORM  AICC.  & 
HIPPA  stds;  maintaining  clinical 
sys;  monitoring  HL7  message 
transmissions;  Job  in  Chicago 
area  Requires  BS  or  eqvlnt  in 
Comp  Sd  or  Engg  &  5  yrs  exp  in 
database  admin  and/or  in  s/ware 
dsgn  &  dvlpmt  Must  have  cert 
as  Oracle  DBA  &  NT  Admin, 
Send  resume  to 

HR@niscompany.com. 
Fax.  (703)  385  4385. 


Database  Developer,  Special¬ 
ized  Libraries:  Design/manage 
marketing/market-research  data 
gathering/storage  libraries 
Perform  data  manipulation  to 
project  market  senerios  using 
knowledge  of  market  research 
methodologies.  Provide  data 
extraction,  loading,  structuring 
for  specialized  business  data 
libraries.  8:30a-5:30p.  Req: 
Bach  Bus  Admin  in  Economics/ 
Finance  &  1  yr  exp  or  as  Tech 
MIS  Coord  &/or  Web  Developer. 
Resume:  J.  Stulb,  Morris 
Communications,  699  Broad  St, 
#800,  Augusta,  GA  30901 


Computers 

SOFTWARE  PROFESSIONALS 
Midrange  Solutions  Inc.,  a  soft¬ 
ware  consulting  company,  re¬ 
quires  network  engineers  willing 
to  relocated  to  the  client  job  sites 
nationwide,  to  resolve  problems 
regarding  administration  of  AIX/ 
Unix  servers/operating  systems 
under  supervision  of  technical 
director  and  client  technical  staff. 
Mail  resume  and  salary  req's  to: 
Midrange  Solutions  Inc.,  20 
Hillside  Ave.,  Springfield,  NJ 
07081. 


Oracle  Applications  Devel¬ 
oper:  Design  &  develop 
Oracle  Databases  &  Gra¬ 
phical  user  interface.  De¬ 
velop  user  interface  using 
multiple  web  technologies 
for  generating  reports; 
Oracle  Forms  6i,  Reports 
6i,  PL/SQL,  SQL  Reports, 
Java  Script  1.1,  HTML, 
Pro  C,  Java  and  J2EE. 
Please  send  resumes  to 
101  Southhall  Lane,  Suite 
220,  Maitland,  FL  32751. 


Advansoft  (Soft  O  Soft)  is  look¬ 
ing  for  program  or  system  ana¬ 
lysts,  IT  engineers.  Candidate 
must  have  BS  or  equivalent. 
Exp.  in  IT  area  such  as  Oracle, 
Java,  VB,  WebSphere/Weblogic 
etc  is  plus.  Travel  maybe 
required  for  some  position.  Send 
resumes  to: 

info@advansoft.com.  EOE 

E-Com  has  several  system/pro¬ 
grammer  analyst  and  engineer 
positions.  We  are  small  but  sta¬ 
ble,  offer  attractive  wage  with  full 
benefits.  Consultants  must  have 
Bachelor  degree  with  experi¬ 
ence  in  SQL,  Developer  2000, 
Oracle,  Unix,  Window  NT. 
Please  send  resumes  to  e- 
com@prodigy.net 


SW  Engin'rs:  Rsrch,  design  & 
test  explorer/portlet  sw  w/ 
Vignette  on  Websphere/AlX 
platform  &  WSAD;  Design  asset 
&  info  mgt  sw  w/  Metaphase 
Toolkit;  Design  com'unic'n  appli- 
ca'ns  w/  Cobol,  DB2/CICS, 
VSAM  &  SQLServer.  40h/w,  8-5. 
BS  in  Computer/  Eng'g/Bus. 
related  field  &  2  yr  wk  exp 
involv'g  Vignette/Websphere. 
Metaphase  &  Cobol  Resume  to 
GBS  at  reddy@genesisnco<pccxn 
or  fax:  317-579-1445.  Only  US 
workers  can  apply 


Programmer  Analyst.  Convert 
customer  requirements  into  pro¬ 
gram  specifications;  analyze  im¬ 
pact  of  proposed  solutions  on 
business  applications:  ensure  sat¬ 
isfactory  functioning  through  test¬ 
ing  and  analysis  of  results;  correct 
deficiencies  according  to  cus¬ 
tomer  requirements;  and  review 
work  of  development  team  mem¬ 
bers.  Must  have  3  yrs,  exp.  as 
Programmer  Analyst  or  Program¬ 
mer.  including  3  yrs.  exp.  with 
Object  Oriented  programming, 
SQL,  Oracle,  UNIX,  Windows  ap¬ 
plication  development;  program¬ 
ming  in  C;  and  JavaScript  .  Send 
resume  to  APAC  Customer  Ser¬ 
vices,  Inc.,  Attn:  Cindy  Corkery,  6 
Parkway  North  Center,  Deerfield, 
IL  60015.  EOE/AA 

APAC  CUSTOMER  SERVICES, 
INC.  is  not  affiliated  with  APAC, 
Inc.,  the  road  paving  and  con¬ 
struction  materials  company. 


Webmaster.  Responsibilities  in¬ 
clude  web  design  &  development; 
E-Commerce  system  mainten¬ 
ance  using  web  templates,  web 
ordering  system  and  web  catalog; 
web  marketing;  and  web  server 
maintenance.  Must  have  Bachel¬ 
or's  in  Computer  Science,  MIS  or 
related,  and  must  have  knowl¬ 
edge  of  E-Commerce  including 
digital  payment,  online  catalogs, 
data  exchange  and  security; 
search  engine  optimization;  ASP: 
Dreamweaver;  Photoshop;  and 
MS  IIS  Web  Server.  Send  resume 
to  Overland  Sheepskin  Company, 
Inc.,  Attn:  HR  Dept.,  2096 
Nutmeg  Ave.,  Fairfield,  IA  52556. 


Quality  Assurance  Analyst.  Devel¬ 
op  &  execute  test  plans  &  test 
cases.  Conduct  black  box,  white 
box.  regression,  usability,  load, 
performance.  &  stress  testing 
using  SQL  Server,  TestPartner. 
Rational  Robot,  JMeter  and  lnCtr15 
for  automated  testing  &  Bugzilla  for 
defect  tracking.  Must  have  Bachel¬ 
or's  in  Comp  Sci.  Bus.  Info  Sys  or 
related  +  6  mos  exp  as  QA  Analyst 
or  Prog.  Analyst,  inci  6  mos  exp 
testing  web-based  applications 
Must  have  exp  writing  test  plans  & 
test  cases,  black  box,  white  box, 
usability,  load,  &  performance  test¬ 
ing.  knowl  of  SQL  Server  &  auto¬ 
mated  testing  tools.  Send  cover  Itr, 
resume  &  salary  req.  to:  Fiserv 
AIS  Attn:  HR.  4200  University  Ave 
Suite  400,  West  Des  Moines.  IA 
50266.  Fiserv  Advanced  Insurance 
Solutions  is  an  Equal  Opportunity/ 
Affirmative  Action  Employer. 


Information 

Overload? 


Take  a  break  at 
itcareers.com 
and  take  the 
hassle  out  of  job 
searching! 


www.itcareers.com 


THE  WORLD’S  BEST 
IT  TOOL  IS  IN 
YOUR  HANDS. 

THE  WORLD’S  BEST 
IT  TALENT  IS  AT 
OUR  SITE. 


WHAT  ELSE  WOULD 
YOU  EXPECT  FROM 
THE  ONE  AND  ONLY 
CAREER  RESOURCE 
FOR  READERS  OF 
COMPUTERWORLD, 
INFOWORLD  AND 
NETWORKWORLD? 

COME  ON, 

RECRUIT  OUR  READERS 
AND  YOU’LL  RECRUIT 
LESS  OFTEN 

WWW.ITCAREERS.COM 
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Complimentary  Event  for  Network  and  IT  Professionals  Only! 


SAVE  THE  DATE! 


September  9,  2003  -  New  York.  NY 
September  10,  2003  •>  Chicago,  IL 
September  16,  2003  ►  Richardson,  TX 
September  18,  2003  ►  San  Jose,  CA 
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Demand 


4 .  1  O 

ptimized  Services 


It's  crunch  time  for  WAN  managers.  The 
snap-back  of  budgets  and  the  sting  of 
expectations  now  demand  new  answers  from 
you.  Solutions  like  identity-based  services. 
Bandwidth  optimization.  VoIP  that  works. 
VPNs  that  fit.  True  enterprisewide  WAN 
benefits  that  are  evident,  effective,  efficient 
and  excuse-free. 

It's  time  for  WANs:  Answering  the  Demand  for  Optimized  Services,  the  new  Network  World 
Technology  Tour  event  focused  on:  disciplined  bandwidth  management,  caching  and 
compression.  Optimized  services  that  run  over  your  established  infrastructure.  Access  you 
can  control,  partition  and  protect.  Metered  monitoring  you  can  evaluate  in  real  time. 
Standards  that  finally  deliver  long-delayed  benefits  to  VPNs  and  VoIP.  The  WAN  challenge 
has  never  been  greater.  And  you  need  to  meet  it  head  on.  Act  now!  Optimize  the  benefits 
you  deliver  enterprisewide. 


"MAXIMIZE  THE  VALUE." 

"FOCUS  OUR  SPENDING. 
"GET  IT  DONE  NOW." 


PRESENTER: 

Jim  Metzler 

President, 

Ashton,  Metzler  &  Associates 


A  make-or-break  event  for: 

►  Vice  Presidents,  Network/IT 
Directors  and  Managers  of: 

Planning,  Design,  Architecture, 
Engineering,  Communications 


Top  Takeaways:  $£ 

►  bandwidth  optimization  techniques 
and  how  to  apply  them 

►  hype-free  VPN  analysis  and 
disciplined  deployment 

►  bullet-proof  VoIP  strategies 
and  practical  tactics 


Advance  Reservation  by  Qualified  Professionals  is  Required 
for  Complimentary  Attendance 

REGISTER  NOW! 

Online  at  www.nwfusion.com/events/wan2  or  call  1-800-643-4668 


This  event  is  limited  to  Network  and  IT 
professionals  involved  in  the  evaluation, 
purchase  and  implementation  of  WAN 
products  and  services. 
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BackSpin 


Mark  Gibbs 


Readers  respond  on  MCI  and  ethics 


“I  hope  we  shall . . .  crush  in  its 
birth  the  aristocracy  of  our  moneyed 
corporations,  which  dare  already  to 
challenge  our  government  to  a  trial 
of  strength  and  bid  defiance  to  the 
laws  of  our  country." 

—  Thomas  Jefferson,  1816  (thanks 
to  reader  Greg  Holman) 

I  was  going  to  pick  up  where  I  left  off  on  the  topic 
of  what  to  do  about  spam,  but  after  last  weeks 
Backspin  on  MCI’s  shenanigans  1  need  to  address 
the  flood  of  e-mail. 

First,  a  few  MCI  folks  wrote  to  profess  innocence. 
Here’s  a  typical  example:“Gee,  thanks  for  lumping 
me  in  there  with  Bernie  Ebbers.You  will  never  know 
(if  you  are  lucky)  just  how  much  you  annoyed  thou¬ 
sands  of  honest  MCI  employees  or  just  how  much 
you  managed  to  help  the  vultures  in  AT&T  [who] 
are  running  this  latest  smear  campaign.” 

Sir,  I  wasn’t  talking  about  you  personally.  Honest. 

But  it  does  appear  that  corruption  is  rampant  within 
MCI  at  many  levels. 

What  intrigued  me  was  the  number  of  people  who 
wrote  in  confirming  my  suspicions. 

“It  is  one  of  the  worst-kept  secrets  in  the  telecom/ 
Internet  industry  that  MCI  has  been  an  unethical 
place  to  work,”  one  reader  says.“Some  people  who 


worked  there  prior  to  WorldCom  had  good  feelings 
when  they  walked  away  but  the  situation  was  deteri¬ 
orating  even  then. 

“It  was  never  a  question  of  whether  the  company 
was  corrupt  —  it  was  a  question  of  when  the  world 
would  find  out,”  he  adds.“In  this  case,  journalists  and 
prosecutors  were  definitely  the  last  to  know;  not  that 
some  of  us  didn’t  try  to  tell  journalists.Those  of  us  in 
the  industry  were  amazed  that  nobody  figured  it  out. 

“An  additional  issue  —  not  discussed  much  —  is 
that  there  is  this  huge  body  of  MCI  alums  who  have 
gone  on  to  work  in  other  places  and  taken  the  cul¬ 
ture  with  them,”  he  continues.“It’s  corrupted  many 
companies  where  former  MCl/WorldCom  types  have 
become  top  executives.  I  did  work  at  one  of  those 
companies  —  and  it  was  like  the  Wild  West.  Anything 
went.The  company  eventually  collapsed,  and  those 
MCI  folks  have  gone  on  to  take  the  disease  with 
them  elsewhere.” 

Another  reader  commented: 

“I  have  been  fuming  about  MCI  since  they  began, 
all  for  naught.  I  started  my  career  at  Illinois  Bell  and 
the  exchange  where  MCI  first  linked  into  Chicago 
from  St.  Louis  was  part  of  my  operations  responsibil¬ 
ity  .. .  .While  the  techs  doing  the  job  in  both  compa¬ 
nies  got  along  fine,  any  contact  above  that  level 
always  had  a  lawsuit  threat  as  part  of  the  conversa¬ 
tion.  ...  My  last  assignment  with  Bell  was  at  [an] 


interexchange  carrier  department.  MCI  got  so  obnox¬ 
ious  that  they  would  have  their  courier  bringing  us  a 
check  [to  avoid  service  interruption  for  nonpay¬ 
ment,  and]  wait  in  the  parking  lot  until  4:59  p.m.on 
Friday  of  the  deadline  week,  just  to  ensure  ‘last 
minute’  payment.” 

Another  wave  of  commentary  concerned  the  big¬ 
ger  issue  of  corporate  ethics  and  how  they  affect  IT 
people.  It  seems  many  of  you  are  concerned  about 
the  way  large  companies  can  create  an  environment 
that  encourages  duplicity  and  dishonesty. 

“Integrity  seems  to  have  taken  a  back  seat  to  profit, 
[as]  is  evident  not  only  [from]  your  examples  but 
[also]  from  my  reading  and  personal  experiences,” 
one  reader  says.“I  have  turned  away  IT  business 
where  I  thought  the  method  was  unethical,  only  to 
be  looked  at  with  disbelief. 

“In  any  event,  in  large  companies  IT  professionals 
are  strong-armed  into  situations  where  they  enable 
the  dishonesty  to  exist,”  he  continues.  “From  an  IT 
perspective  1  know  there  is  no  way  for  me  or  others 
not  to  know  what  is  going  on.” 

And  that  is  the  crux  of  the  matter.  IT  people  usually 
do  know  what  is  going  on  in  their  companies. 
Whether  they  can  change  what  happens  is  another 
matter.  Having  an  ethical  position  is  the  first  step. 

Express  your  position  to  backspin@gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


‘Dear  Mr.  President . . 

Buzz  recently  sent  an  e-mail  to 
President  Bush.  Here’s  an  excerpt 

from  the  reply: 

“Because  of  the  large  volume  of  e-mail  received,  the  president  cannot  per¬ 
sonally  respond  to  each  message.  However,  the  White  House  staff  considers 
and  reports  citizen  ideas  and  concerns." 

The  first  sentence  is  amusing  in  that  someone  at  the  White  House  apparently 
believes  that  in  this  global  society  of  ours  there  lives  an  individual  who  pos¬ 
sesses  sufficient  intellectual  wherewithal  to  send  an  e-mail  but  not  enough  to 
understand  that  the  leader  of  the  free  world  cannot  answer  all  of  his. 

The  second  sentence  reads  as  though  it  were  written  by  a  certain  former 
president  known  for  his  semantic  slipperiness.  It  suggests  that  e-mail  sent  to 
this  address  will  be  read  by  White  House  staff  and  perhaps  passed  along  to 
the  president . . .  although  it  actually  says  no  such  thing. 

Grown-ups  know,  of  course,  that  John  Hinckley  has  a  better  chance  of  reach¬ 
ing  the  Oval  Office  than  does  an  e-mail  sent  to  president@whitehouse.gov.  Yet 
the  White  House,  much  like  large  corporations  and  image-conscious  celebri¬ 
ties,  perceives  a  need  to  maintain  the  fiction  of  an  always-open  two-way  com¬ 
munications  channel  called  e-mail. 

In  the  olden  days,  citizens  wrote  to  the  president  using  pen,  paper,  perhaps  a 
typewriter  and  the  occasional  crayon.  President  Bush  Version  1.0  was  actually 
famous  for  scratching  out  countless  longhand  notes. 

One  reason  his  son  can’t  personally  answer  all  of  today’s  presidential  e-mail 
is  that  president@whitehouse.gov  reportedly  receives  15,000  messages  every 
day. They  are  not  all  from  concerned  citizens.  A  healthy  chunk  is  spam,  both  the 
garden  variety  endured  by  all  of  us  and  its  close  cousin:  politically  orchestrated, 
often-automated,  mass  e-mailings  that  are  roughly  equivalent  to  a  cacophony  of 


honking  horns  in  a  traffic  jam.  We're  talking  about  a  bunch  of  noise  that  is  pretty 
darn  useless  for  any  purpose  other  than  creating  the  impression  of  openness. 

To  its  credit,  the  White  House  has  launched  an  alternative  — White  House 
Web  Mail  —  that  it  says  is  designed  to  do  a  bit  better  by  weeding  out  the  politi¬ 
cal  spam.  Whether  that's  really  the  motive  is  being  questioned  by  some. 

The  Web  Mail  form  —  www.whitehouse.gov/webmail  —  won'f  win  any  design 
prizes  ...  or  friends.  The  thing  has  far  too  many  required  fields,  each  of  which 
constitutes  a  potential  barrier  for  the  sender,  in  particular  one  unfamiliar  with 
such  forms.  For  example,  the  site  originally  rejected  my  submission  because  I 
had  failed  to  select  "Mr.”  from  a  drop-down  menu  of  courtesy  titles  preceding 
my  name. 

Users  are  not  only  asked  to  declare  the  topic  of  their  correspondence  from  a 
limited  variety  of  choices,  but  also  to  state  upfront  whether  their  comments 
will  support  or  oppose  the  president's  position  on  whatever  that  topic  may  be. 
One  need  not  be  a  cynical  journalist  to  wonder  if  the  categorization  has  any 
bearing  on  the  likelihood  of  getting  a  reply. 

All  in  all,  the  form  seeks  far  more  personal  information  than  required  to 
simply  ascertain  whether  the  sender  is  a  human  being  and  not  an  automatic 
e-mail-generating  program. 

So  here's  what  I  wrote  to  the  president  using  the  new  system: 

“Dear  President  Bush:  While  I  understand  the  need  to  filter  out  all  the  junk 
that  tries  to  pass  as  legitimate  e-mail  to  your  office,  this  new  system  is  far  too 
complex  and  cumbersome.  You’d  do  well  to  order  a  simplification  before  anyone 
starts  to  think  you  don’t  really  want  to  hear  from  us.” 

Haven’t  gotten  a  reply. 

Mark  me  gone  for  two  weeks  of  vacation,  during  which  time  this  space  will  be 
filled  by  the  always-entertaining  observations  of  Network  World  Fusion  Executive 
Editor  Adam  Gaffin.  You  can  still  write  to  me,  though,  without  filling  out  arty  forms. 
The  address  is  buzz@nww.com. 
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See  disparate  data  united. 

See  old  and  new  become  one. 
See  bits  of  data  become  insight. 


. 


Introducing  IBM  DB2  Information  Integrator  -  the  brand-new  software  that  turns  everything  in  its  path  into 
insight  and  opportunity:  rows  and.  columns,  video  and  e-mail,  audio  and  Web.  It  works  wherever  your 
data  lives:  Oracle,  Microsoft  or  IBM.  It  works  in  real  time,  across  platforms:  Linuxf  Windows^  UNIX:  Insight 
is  yours.  On  demand.  Faster  than  ever.  For  a  DB2  Information  Integrator  Kit,  visit  ibm.com/db2/integrate 


fBM.  DB2..the  e-buSiness  logo  and  e-business  on  demand  are  registered  trademarks  Or  trademarks  Of  International  Business  Machines  Corporation  in  the  United  States  and/or  ofhc  '  :  V  v* 

countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other. CdU^f 
UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United  States  and  or  other  countries  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  gjheri  ••'/,.  ■ ;  Vjfr^.-V r  .,  fhjtfhf&jfc 
1^2003  IBM  Corporation.  All  rights  reserved  '  '  .^k  tWc; W 


SUN  FIRE™  V60X  SERVER: 

>  INTEL  XEON  2.8  GHZ  PROCESSOR 

>  RUNS  SOLARIS™  9  OS  FOR  X86  OR  RED  HAT*  ENTERPRISE  LINUX*  ES 


$2,450. 


SUN  FIRE  V210  SERVER: 

>  RACK-OPTIMIZED,  ULTRASPARC7S0LARIS  OS 

>  INTEGRATED  WITH  AWARD-WINNING  SUN"  ONE  MIDDLEWARE 


$2,995. 


SUN  STOREDGE™  3310  SCSI  ARRAY: 

>  HIGH-DENSITY,  MODULAR  STORAGE 

>  HIGH  AVAILABILITY  CONFIGURATIONS 

$6,995. 

SUN  FIRE  B100  BLADE  SERVER: 

>  ULTRASPARC  OR  X86  PROCESSOR 

>  RUNS  SOLARIS  8,  9,  OR  RED  HAT  ENTERPRISE  LINUX  ES’ 

$1,795- 


THE  LOW  COST  MOVE  IS  ON 
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